Peer  Perspective.  IT  Leadership.  Business  Results,  i  computerworld.com  i  junej,  2010 


Also  inside:  The  Volatile  IT  Labor  Market 
man  Energy  Crisis  |  Server  Density  Hits  the  Wall 


The  IBM  System  x3550  M3  Express. 

When  the  downturn  ends,  the  upside  begins. 


With  new  opportunities  ahead,  now  is  the  time  to  invest  in  a  faster,  more  powerful 
server:  the  IBM®  System  x3550  M3  Express®  server,  powered  by  the  Intel®  Xeon® 
processor  5600  series.  By  replacing  your  aging  servers,  the  x3550  M3  can  help  you 
reduce  operating  costs,  increase  efficiency  and  respond  to  customers  more  quickly. 


| 


mmt 


memmm 


*7  gjjg  *  %  -  jjgg  J|  ■ 


IBM  System  x3550  M3  Express 

$3,299 

or  $84/month  for  36  months’ 

PN: 7944E2U 

1 U  dual-socket  server  featuring  up  to  2  Intel®  Xeon®  processor  5600  series 
18  DIMM  sockets  1333MHz  DDR-3  (18  RDIMMs,  144GB  max) 


IBM  System  x3650  M3  Express 


$3,065 

or  $78/month  for  36  months’ 
PN: 7945E2U 


2U  dual-socket  server  featuring  up  to  2  Intel®  Xeon®  processor  5600  series 
18  DIMM  sockets  1333MHz  DDR-3  (18  RDIMMs,  144GB  max) 


IBM  System  Storage  DS3200  Express 


See  for  yourself. 


$6,495 

or  $165/month  for  36  months’ 
PN: 172622X 


External  Disk  Storage  with  3  Gbps  Serial  Attached  SCSI  (SAS)  interface  technology 
Scalable  up  to  7.2TB  of  storage  capacity  with  600GB  hot-swappable  SAS  disks 


See  how  much  you  could  be  saving-in  just  minutes- 
with  the  IBM  Systems  Consolidation  Evaluation  Tool. 


ibm.com/systems/performance 


1  866-872-3902 

(mention  6N8AH27A) 


'IBM  Global  Financing  offerings  are  provided  through  IBM  Credit  LLC  in  the  United  States  and  other  IBM  subsidiaries  and  divisions  worldwide  to  qualified  commercial  and  government  customers. 
Monthly  payments  provided  are  for  planning  purposes  only  and  may  vary  based  on  your  credit  and  other  factors.  Lease  offer  provided  is  based  on  an  FMV  lease  o(  36  monthly  payments.  Other 
restrictions  may  apply.  Rales  and  offerings  are  subject  to  change,  extension  or  withdrawal  without  notice.  IBM  hardware  products  are  manufactured  from  new  parts  or  new  and  serviceable  used 
parts.  Regardless,  our  warranty  terms  apply.  For  a  copy  ol  applicable  product  warranties,  visit  http://www.ibm.com/servers/support/machine_warranties.  IBM  makes  no  representation  or  warranty 
regarding  third-party  products  or  services.  IBM,  the  IBM  logo,  System  Storage  and  System  x  are  registered  trademarks  or  trademarks  of  International  Business  Machines  Corporation  in  the  United 
States  and/or  other  countries.  For  a  complete  list  ol  IBM  trademarks,  see  www.ibm.com/legal/copytrade.shtml.  Intel,  the  Intel  logo.  Xeon  and  Xeon  Inside  are  trademarks  of  Intel  Corporation  in  the 
U.S.  and  other  countries.  All  other  products  may  be  trademarks  or  registered  trademarks  ol  their  respective  companies.  All  prices  and  savings  estimates  are  subject  to  change  without  notice,  may 
vary  according  to  configuration,  are  based  upon  IBM’s  estimated  retail  selling  prices  as  of  5/1/10  and  may  not  include  storage,  hard  drive,  operating  system  or  other  features.  Reseller  prices  and 
savings  to  end  users  may  vary.  Products  are  subject  to  availability.  This  document  was  developed  for  offerings  in  the  United  States.  IBM  may  not  offer  the  products,  features,  or  services  discussed 
in  this  document  in  other  countries.  Prices  are  subject  to  change  without  notice.  Starting  price  may  not  include  a  hard  drive,  operating  system  or  other  features.  Contact  your  IBM  representative  or 
IBM  Business  Partner  tor  the  most  current  pricing  in  your  geographic  area.  ©  2010  IBM  Corporation.  All  rights  reserved. 


Powerful. 

Intelligent. 

v _ _ _ 


COMPUTERWORLD 

P.O.  Box  9171 

492  Old  Connecticut  Path 

Framingham,  MA  01701 

508-879-0700 

Computerworid.com 

»  EDITORIAL 

Editor  in  chief 

Scot  Finnie 

Executive  Editors 

Mitch  Betts,  Julia  King  (events) 

Managing  Editors 

Michele  Lee  DeFilippo  (production), 
Sharon  Machlis  (online), 

Ken  Mingis  (news) 

Director  of  Blogs 

Joyce  Carpenter 

Art  Director 

April  Montgomery 

Technologies  Editor 

Johanna  Ambrosio 

Features  Editors 

Valerie  Potter,  Ellen  Fanning  (special 
reports),  Barbara  Krasnoff  (reviews) 

News  Editors 

Mike  Bucken,  Marian  Prokop 

Senior  Editor 

Mike  Barton 

National  Correspondents 

Julia  King,  Robert  L.  Mitchell 

Reporters 

Sharon  Gaudin,  Matt  Hamblen, 

Gregg  Keizer,  Lucas  Mearian,  Patrick 
Thibodeau,  Jaikumar  Vijayan 

Assistant  Managing  Editor 

Bob  Rawson  (production) 

Editorial  Project  Manager 

Mari  Keefe 

Associate  Editor,  Community 

Ken  Gagne 

Office  Manager 

Linda  Gorgone 

Contributing  Editors 

Jamie  Eckle,  Preston  Gralla, 

Tracy  Mayor 

»  CONTACTS 

Phone  numbers,  e-maii  addresses 
and  reporters’  beats  are  available 
online  at  Computerworld.com 
(see  Contacts  link  at  the  bottom 
of  the  home  page). 

Letters  to  the  Editor 

Send  to  letters@computerworld. 
com.  Include  an  address  and  phone 
number  for  immediate  verification. 
Letters  will  be  edited  for  brevity 
and  clarity. 

News  tips 

newstips@computerworld.com 

Subscriptions  and  back  issues 

(888)  559-7327,  cw@omeda.com 

Reprints/permissions 

The  YGS  Group,  800-501-9571, 
ext.  180,  computerworld® 
theygsgroup.com 


THIS  ISSUE  |  06.07.2010  [  VOL.  44,  NO.  11  $5/C0PY  J 


Density  Hit! 
TheWallii 


Experts  question  wheth 
it  will  be  economical  to 

run  large  numbers  of 

.  -  _  • 

extremely  high-density 
server  racks  in  modem 
datacenters. 


COVER  STORY 

Cloud  Security: 
Oxymoron? 

18  The  pioneers  of  cloud  computing  and  SaaS  are  using  third-party  tools 
and  due  diligence  to  manage  the  security  risks. 


HEADS  UP  |  2  IT  is  greener  when  it  pays 
the  power  bill.  I  FTC  examines  privacy  risks 
of  photocopiers.  I  4  Perfect  storm  sinks  Unix 
server  sales.  |  Zappos  earns  No.  1  ranking 

for  e-retailing. 

NEWS  ANALYSIS  I  6  IT  staff  must  buy 
into  cloud  moves.  |  8  HP  seeks  new  skills 
to  staff  data  centers. 

OPINIONS  |  14  Thornton  May  worries  about 
low  IT  energy  levels  -  not  in  data  centers,  but  in 


the  tech  workers  themselves.  I  38  Bart 
Perkins  warns  of  the  potentially  high  price  of 
short-sighted  cost-cutting.  |  44  Scot  Finnie 
takes  an  early  look  at  the  year  ahead  for  the 
world  of  technology. 

DEPARTMENTS  I  10  The  Grill:  Fred  Brooks, 
father  of  the  IBM  System/360.  I  34  QuickStudy: 
Flash  memory.  |  36  Security  Manager’s 
Journal:  It  all  comes  down  to  patching.  I 

40  Career  Watch  |  42  Shark  Tank 


llllllllllllllll  FOR  BREAKING  NEWS,  VISIT  COMPUTERWORLD.COM  1 1 1 1 1 1 1 1 1 1 1 II 1 1 1 


HEADS  UP 

5 


BETWEEN  THE  LINES 

By  John  Klossner 


RESEARCH  RECAP 

Perfect  Storm  Sinks  Unix  Server  Sales 


THE  ECONOMIC  RECESSION  hit  the 

Unix  server  market  hard.  IDC  market- 
share  numbers  show  that  users  put 
off  buying  Unix  systems  in  recent 
months,  cutting  Unix’s  share  of  overall  server 
spending  to  one  of  the  lowest  levels  ever. 

An  IDC  report,  released  last  month,  tallied 
worldwide  Unix  revenue  of  $2.3  billion  — 
about  22%  of  total  spending  on  servers  — 
during  the  first  quarter  of  this  year.  The  Unix 
share  of  server  revenue  was  down  10.5  percent¬ 
age  points  from  the  same  quarter  a  year  earlier. 

The  latest  numbers  notwithstanding,  Unix 
still  accounts  for  a  big  portion  of  server 
revenue.  Unix  servers  are  mid-  to  high-end 
systems  that  typically  run  mission-critical  ap¬ 
plications,  but  they  are  gradually  declining  in 
popularity  as  x86  servers  grow  more  powerful. 
Unix  servers  may  run  one  of  several  Unix  vari¬ 
ants,  including  Solaris,  AIX  and  HP-UX. 

IDC  analyst  Jean  Bozman  attributed  the 
sharp  drop  in  first-quarter  Unix  server  sales  to 
a  combination  of  factors,  including  these: 


■  The  recession  delayed  sales  of  Unix 
servers,  which  are  typically  replaced  every  five 
to  seven  years. 

■  Although  Oracle  Corp.’s  deal  to  acquire 
key  Unix  server  vendor  Sun  Microsystems  Inc. 
closed  in  January,  users  might  be  putting  off 
purchases  of  Sun  products  until  Oracle  fully 
absorbs  the  company. 

■  Users  may  be  waiting  for  Unix  server 
upgrades  from  Hewlett-Packard  Co.,  which 
recently  announced  new  products  in  its  Integ¬ 
rity  line,  and  from  IBM,  which  is  expected  to 
release  new  Unix  servers  later  this  year. 

Analysts  said  it’s  too  early  to  gauge  whether 
users  are  accelerating  a  shift  away  from  Unix. 

Oracle  may  be  “the  biggest  question  mark, 
although  the  company  has  thrown  its  weight 
behind  Sun’s  UltraSparc  Unix  systems,”  said 
Pund-IT  Inc.  analyst  Charles  King.  “[Oracle] 
said  that  it  will  continue  development,  but  it  is 
|  going  to  take  a  while  for  us  to  really  see  what 
the  shape  of  that  is  going  to  be.” 

-  Patrick  Thibodeau 


Micro 

Burst 

The  number  of  netbooks 
shipped  worldwide  is 
expected  to  reach 

58  million 

this  year,  up  from 
36.3  million  last  year. 

SOURCE:  ABI  RESEARCH. 

.NEW  YORK.  MAY  2'01Q 


E-BUSINESS 

Zappos  Earns 
No.  1  Ranking 
For  E-retailing 

Zappos.com  Inc.,  the  online  shoes 
and  clothing  retailer,  scored  top 
marks  in  a  study  of  customer 
service  at  online  shopping  sites, 
according  to  ratings  agency  Stella- 
Service  LLCin  New  York. 

The  firm  rated  the  150  largest  In¬ 
ternet  retailers  on  300  factors,  such 
as  online  tools  and  their  Web  sites’ 
user  interfaces.  Following  Zappos 
in  the  rankings  were  Diapers.com, 
BlueNile.com,  Amazon.com, 
Staples.com,  Crutchfield.com, 
LLBean.com,  BestBuy.com, 
Apple.com,  Sears.com  and  REI.com. 

The  evaluations  included  usability 
tests,  orders  (and  returns)  of  sever¬ 
al  products,  and  more  than  a  dozen 
interactions  with  customer  service 
representatives  via  phone,  e-mail 
and  live  chat. 

StellaService  also  commissioned 
a  survey  of  304  consumers  and 
found  that  Americans,  on  average, 
are  willing  to  pay  a  10%  premium 
for  great  customer  service.  Respon¬ 
dents  said  that  speed  of  delivery  is 
the  biggest  factor  in  online  shop¬ 
ping,  followed  by  helpful  staffers 
and  easy  access  to  information  on  a 
company’s  Web  site. 

-  MITCH  BETTS 


i|  COM  PUTERWORLD  JUNE  7,  2010 


Top-tier  national  network 
Top-notch  local  support. 


Introducing  CenturyLink™  Business 


The  result  of  a  merger  between  CenturyTel  and  EMBARQ,  CenturyLink 
delivers  best-in-class  business  data  network  solutions  to  customers 
throughout  the  U.S.  You  can  count  on  us  to  combine  a  state-of-the-art 
national  network  with  local  support  from  people  who  know  you  by  name 


Get  Stronger  Connected™  to  the  technology,  resources  and  people 
that  will  help  your  business  stay  on  top. 


Learn  more  at  centurylink.com/stronger 
or  call  1-866-345-0814. 


CenturyLink 

Business 

' 

'  Stronger  Connected 


©2010  CenturyTel,  Inc.  All  Rights  Reserved. 

The  name  CenturyLink  and  the  pathways  logo  are  trademarks  of  CenturyTel,  Inc. 


NEWS  ANALYSIS 

IT  Staff  Must  Buy 
Into  Cloud  Moves 


INFORMATION  TECHNOLOGY  EXECUTIVES  overseeing  a 

corporate  switch  to  cloud-based  applications  are  generally 
ready  on  Day  One  to  deal  with  security  and  compliance 
issues  along  with  resistance  from  end  users. 

However,  CIOs  and  IT  managers  also  need  to  be  prepared 
for  another  roadblock  that  could  hinder  or  even  doom  a  company’s 
cloud  computing  plans:  pushback  from  IT  staffers. 

When  top  executives  decide  to  unplug  on-premises  servers, 
ditch  the  applications  housed  on  them  and  adopt  vendor-hosted 


software,  the  IT  personnel  that  support 
and  maintain  those  systems  are  bound  to 
get  nervous. 

Doug  Pierce,  global  IT  director  at 
Momentum  Worldwide,  a  New  York-based 
advertising  and  events  marketing  firm, 
said  many  of  the  company’s  28  IT  staffers 
raised  concerns  about  job  security  as 
soon  as  they  learned  of  plans  to  let  cloud 
vendor  Socialtext  Inc.  host  Momentum’s 
enterprise  portal. 

“Our  IT  employees  had  a  lot  of  ques¬ 
tions,”  Pierce  said.  “They  flat-out  asked, 
What  does  this  mean  for  me  and  my  job?’  ” 
From  the  beginning,  the  company  kept 
employees  informed  of  the  consequences 
of  the  move  —  in  this  case,  role  changes 
for  eight  members  of  the  staff,  he  said. 
“Keeping  [the  process]  very  open  and 
making  sure  IT  employees  understood 
was  very  helpful  to  our  department’s  suc¬ 
cessful  transition,”  Pierce  added. 

The  IT  leaders  at  San  Jose-based  elec¬ 
tronics  manufacturer  Sanmina-SCI  Corp. 
also  say  openness  with  employees  was 
helpful  in  moving  from  an  on-premises 
Microsoft  Outlook/ Exchange  system  to 
hosted  Google  Apps  offerings. 

“IT  is  becoming  more  of  a  service- 
oriented  organization,  providing  more 
value-added  services,  with  less  emphasis 
on  [maintaining  in-house]  systems,  net¬ 
works  and  architectures,”  said  Sanmina- 
SCI  CIO  Manesh  Patel. 

Cost  was  an  important  factor  for 
Sanmina-SCI,  and  it’s  what  initially  drove 
the  move  to  the  cloud,  but  Patel  said  the  company  sought  longer- 
term  value  by  making  its  700  IT  workers  more  productive  and 
effective.  “Make  sure  you  communicate  those  things  and  provide 
the  vision  of  what  that  means,”  he  added. 

At  some  companies,  like  Duralee  Fabrics  LLC  in  Bay  Shore, 

N.Y.,  there  was  little  pushback  from  IT  personnel.  CIO  Bill  Kelly 
noted  that  the  six-person  staff  was  “thrilled”  that  an  overtaxed  on¬ 
premises  e-mail  system  was  replaced  with  Google  Apps.  ♦ 

Perez  is  a  reporter  for  the  IDG  News  Service. 


In  addition  to  dealing  with  user  resistance,  CIOs  need  to 
gain  the  support  of  IT  staffers  to  successfully  switch  from 
in-house  to  cloud-based  apps.  By  Juan  Carlos  Perez 


Our  IT  employees 
had  a  lot  of 


questions.  They  flat-out 
asked,  ‘What  does  this  mean 
for  me  and  my  job?’ 


DOUG  PIERCE,  GLOBAL  IT  DIRECTOR, 
MOMENTUM  WORLDWIDE 


6  COMPUTERWORLD  JUNE  7,  2010 


Building  the  engines  of  a  Smarter  Planet: 

Five  ways  midsize  businesses  can 
create  a  more  dynamic  infrastructure. 

As  new  opportunities  emerge  on  a  smarter  planet,  midsize  businesses  are  uniquely  positioned  to  seize  them. 
They  are  the  engines  of  a  smarter  planet,  leveraging  their  size  to  move  more  nimbly  and  drive  innovation.  It  starts 
with  smarter  technology-a  dynamic  infrastructure  that  connects  IT  to  all  of  the  digital  and  physical  assets  of  the 
entire  business.  Midsize  companies  are  building  a  more  dynamic  infrastructure  with  the  IBM  HS22  and  HS22V 
Express®  blade  servers- helping  them  increase  performance  and  consolidate  resources,  while  reducing  costs 
and  energy  use.  Let  IBM  and  our  Business  Partners  show  you  how: 


Powerful. 

Intelligent. 

v _ J 


ILook  closer  with  IBM  Systems 
Consolidation  Evaluation  Tool  to 
compare  your  current  infrastructure 
with  where  you  want  to  go. 


5  Reduce  energy  costs  by  up  to  93% 

versus  previous-generation  rack  servers. 
Learn  how  you  could  see  a  return  on  your 
investment  in  under  12  months.2 


3  Dial-up  efficiency  and 

performance  with  the  IBM  HS22 
Express  -  a  server  featuring  the 
Intel®  Xeon®  processor  5500  series. 


per  month  for  48  months.1 


Prepare  for  growth  with 
smart,  scalable  and  cost- 
effective  solutions. 


Do  more  with  less.  IBM  HS22  Express 
Server  and  BladeCenter®  S  Express 
chassis  with  integrated  storage  and 
networking,  priced  specifically  for 
midsize  companies  from 


$163 


Midsize  businesses  are  the  engines  of  a  Smarter  Planet. 

The  IBM  Express  Advantage™  Concierge  can  connect  you  to  the  right  IBM 
Business  Partner.  Call  877-IBM-ACCESS  or  visit  ibm.com/systems/more 


v  •  / 


'Prices  are  current  as  of  2/8/10  and  are  subject  to  change  without  notice.  Manufacturer's  suggested  retail  price;  dealer  prices  may  vary.  Minimum  transaction  size  is  $5,000;  monthly  payments  are  estimates  based  on  lease  rates 
for  installations  of  qualified  products  and  services  in  the  United  States.  Actual  rates  may  vary  based  on  your  creditworthiness,  configuration  details,  etc.,  and  are  subject  to  credit  approval  by  IBM  Credit  U.C.  For  some  clients,  total 
software  and  services  are  limited  to  75%  of  hardware  financed.  Other  conditions  may  apply,  so  please  contact  your  IBM  Authorized  Business  Partner  or  IBM  representative  for  more  information.  'Return  on  investment  arid  power  savings 
calculation  based  on  11:1  consolidation  ratio  scenario  of  166  Intel  1U  2  socket  servers  to  14  BladeCenter  HS22  servers  and  savings  In  energy  costs,  software  license  fees  and  other  operating  costs.  Actual  costs  and  savings  will  vary 
depending  on  individual  customer  configurations  and  environment.  For  more  Information,  visit  www.ibm.com/smarterplanet/claims.  IBM.  ttie  IBM  logo,  lbm.com.  Express  Advantage,  Express.  BladeCenter.  Smarter  Planet  and  the  planet  icon 
are  trademarks  of  International  Business  Machines  Corp..  registered  in  many  Jurisdictions  worldwide.  Other  product  and  service  names  might  be  trademarks  of  IBM  or  other  companies.  A  current  list  of  IBM  trademarks  is  available  on  the 
Web  at  www.ibm.com/legal/copytrade.shtml.  Intel,  the  Intel  logo,  Xeon  and  Xeon  Inside  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries.  ©  International  Business 
Machines  Corporation  2010.  All  rights  reserved. 


■  -  zJJsMSmsM 

. 


gffigtjg 


NEWS  ANALYSIS 

HP  Seeks  New  Skills 
To  Staff  Data  Centers 

Hewlett-Packard  is  cutting  9,000  IT  jobs  while  adding 
6,000  new  employees  who  have  sales  and  service- 

delivery  expertise.  By  Patrick  Thibodeau 


THE  REALIGNMENT  PLAN  that  Hewlett-Packard  Co.  an¬ 
nounced  last  week  —  which  calls  for  cutting  9,000  IT 
positions  while  adding  6,000  new  employees  —  is  the 
latest  example  of  the  changing  staffing  needs  brought 
on  by  a  shift  to  highly  automated  data  centers  that  no 
longer  require  workers  with  hands-on  IT  skills. 

Many  companies  are  looking  to  staff  next-generation  data  centers 
with  people  who  have  expertise  in  the  sale  and  delivery  of  IT  services. 

HP  has  not  yet  specified  which  positions  are  slated  for  elimina¬ 
tion,  but  James  Staten,  an  analyst  at  Forrester  Research  Inc., 
speculated  that  they  will  most  likely  be  IT  operations  posts  like 
systems  administrators.  Most  of  the  6,000  new  hires  will  prob¬ 
ably  be  IT  architecture  and  sales  experts,  he  added. 

The  company  said  the  changes  in  its  Enterprise  Services  unit 
will  take  place  over  several  years. 

In  a  conference  call  with  investors,  HP  executives  called  the 


realignment  the  latest  step  in  the  evolution  of  its 
services  operation  —  a  key  part  of  the  company 
since  its  2008  Electronic  Data  Systems  Corp.  ac¬ 
quisition,  which  brought  137,000  new  employees 
on  board. 

HP  said  the  restructuring  will  also  include  the 
consolidation  of  data  centers  and  management 
platforms  that  will  eventually  allow  for  a  more 
automated  delivery  of  services  to  customers.  “We 
think  the  next  five  to  10  years  are  going  to  be  about 
who  can  best  use  technology  to  automate  the  de¬ 
livery  of  services,”  said  Ann  Livermore,  executive 
vice  president  of  HP’s  Enterprise  Business  unit. 

The  plan  renews  an  effort  launched  prior  to  the 
EDS  deal,  when  HP  cut  its  corporate  data  centers 
from  some  85  to  six,  added  industry-standard  products  and  got  rid 
of  redundant  or  outdated  hardware  and  software. 

HP  has  gained  a  raft  of  new  data  centers  since  the  EDS  deal;  most 
were  acquired  from  customers  as  part  of  outsourcing  agreements. 

Martin  Reynolds,  an  analyst  at  Gartner  Inc.,  said  that  the  ser¬ 
vices  unit  improved  the  efficiency  of  the  acquired  data  centers, 
but  “they  are  [still]  not  as  streamlined  as  HP  wanted  them  to  be.” 

Reynolds  expects  that  HP  will  move  to  further  streamline 
those  operations  by  turning  to  x86  applications  for  consolidation 
and  virtualization  rather  than  mainframe  and  Unix  systems. 
“They  are  looking  to  take  all  those  nonvirtualized  x86  applica¬ 
tions  and  move  them  to  HP’s  managed  environment,”  he  said. 

The  moves  may  indicate  that  HP  has  convinced  its  customers 
that  its  data  center  plans  will  ultimately  reduce  their  IT  costs.  ♦ 
Peter  Sayer  and  Chris  Kanaracus  of  the  IDG  News  Service 
contributed  to  this  story. 


ik  the  next  five  to  10  years  are  going  to  be  about  who  can  best  use  technology 

late  the  delivery  of  services.  -  ann  Livermore,  executive  vp,  HEWLETT-PACKARD  co 


8  COMPUTERWORLD  JUNE  7,  2010 


O  FOTOUA  /  SPECTRAL-DESIGN 


Building  the  engines  of  a  Smarter  Planet: 

It’s  not  just  what  you  have. 

It’s  how  you  use  it. 

On  a  smarter  planet,  midsize  businesses  are  facing  an  explosion  of  data  within  their  organizations.  As  the  engines  of  a  smarter 
planet,  they  don’t  see  this  data  as  a  burden,  but  as  a  tremendous  opportunity.  However,  they  need  the  right  tools  to  turn  that  data 
into  intelligence,  derive  meaningful  insight  and  use  it  to  take  action,  introducing  IBM®Cognos®  Express™— the  first  and  only  integrated 
business  intelligence  and  planning  solution  built  and  priced  to  meet  the  needs  of  midsize  companies.  It  delivers  essential  reporting, 
analysis,  planning,  budgeting  and  forecasting  capabilities  to  gain  the  insight  needed  to  take  action,  drive  efficiency  and  identify  new 
opportunities  on  a  smarter  planet.  Because  it’s  not  just  what  you  have.  It’s  how  you  use  it: 


ITurn  data  into  intelligence.  Your  entire  organization 
will  benefit  from  dashboards  and  reports  that  provide 
business  context  to  complex  data.  They  help  build  an 
information-driven  culture  that  connects  disparate  data 
and  turns  it  into  new  intelligence. 


2  Uncover  insights.  Go  from  information  to  insight. 

Spot  business  problems,  recognize  emerging  trends 
immediately  and  analyze  complex  data. 


3  Take  action.  Use  your  insight  to  have  a  real-time  view 
of  future  business  results.  Realigning  your  resources 
with  planning  can  help  you  react  faster  to  changes  in 
the  market,  reduce  labor  costs,  increase  sales  and  boost 
production. 


Plug  the  Cognos  Express  solution  into  your 
infrastructure  within  an  hour. 

Starting  at 


per  user  per  month.1 


A  free  30-day  trial  is  now  available. 


Midsize  businesses  are  the  engines  of  a  Smarter  Planet. 

The  IBM  Express  Advantage™  Concierge  can  connect  you  to  the  right  IBM 
Business  Partner.  Call  877-IBM-ACCESS  or  visit  ibm.com/engines/cognos2 


;$25/user/montii  based  on  a  minimum  of  US$22,500  for  25  users  financed  over  36  months.  Actual  rates  may  vary  based  on  your  creditworthiness,  configuration  details,  etc,  and  are  subject  to  credit  approval  by  IBM  Credit  LLC.  For  some  clients, 
total  software  and  services  are  limited  to  75%  of  hardware  financed.  Other  conditions  may  apply,  so  please  contact  your  IBM  Authorized  Business  Partner  or  IBM  representative  for  more  information.  Actual  costs  will  vary  depending  on  individual 
customer  configurations  and  environment.  IBM,  the  IBM  logo,  ibm.com,  Cognos,  Cognos  Express,  Express  Advantage,  Smarter  Planet  and  the  planet  icon  are  trademarks  of  International  Business  Machines  Corp,  registered  in  many  jurisdictions 
worldwide  Other  product  and  service  names  might  be  trademarks  of  IBM  or  other  companies.  A  current  list  of  IBM  trademarks  is  available  on  the  Web  at  www.ibm.com/legal/copytrade.shtml.  ©  International  Business  Machines  Corporation  2010. 


Fred 

Brooks 


The  father  of 
the  IBM  System/360 

reveals  his  secret  for 
great  design. 


In  high  school,  you  were:  One  of 

two  students  they  thought  of  as 
academic!  (Five  of  my  high  school’s 
class  of  90  students  went  on  to 
become  university  professors.) 

Favorite  technology: 

The  Macintosh  laptop 

Four  people  you’d  like  to  invite  to 
a  dinner  party:  C.S.  Lewis,  Gerrit 
Blaauw  (my  best  friend  in  the  world), 
my  wife  and  John  Fairclough  (my  best 
friend  before  he  passed  on). 

Favorite  design:  My  beach  house 
is  my  all-time  favorite,  but  I’m 
very  fond  of  my  Chevrolet 
Avalanche  truck! 

Favorite  work  of  fiction: 

J.R.R.  Tolkien’s  The  Lord  of  the  Rings 


FRED  BROOKS  helped  define  computer  software,  in  deed  as  well  as  word.  He  served 
as  project  manager  for,  and  thus  as  “father”  of,  the  IBM  System/360  and  led  the 
design  of  its  operating  system.  In  his  classic  1975  book  The  Mythical  Man-Month, 
he  coined  Brooks’  Law,  which  states  that  “adding  manpower  to  a  late  software 
project  makes  it  later.”  He  left  IBM  in  1964,  when  the  System/360  was  introduced,  to  start 
the  computer  science  department  at  the  University  of  North  Carolina  at  Chapel  Hill.  Today, 
at  age  79,  he’s  still  teaching  and  has  published  a  new  book,  The  Design  of  Design:  Essays 
From  a  Computer  Scientist  (Addison-Wesley  Professional,  April  2010). 

You’re  famous  for  Brooks’  Law,  but  you  also  said  that  when  building  something,  “you 
should  plan  to  throw  one  away.  You  will  anyway.”  That  was  the  first  edition  of  The 
Mythical  Man-Month.  In  the  second  edition,  I  say  that  was  misguided!  You  ought  to 

Continued  on  page  12 


10  COMPUTERWORLD  JUNE  7,  2010 


IH  mm 


united' 

internet 


1&1®  INSTANT  DOMAIN  PACKAGE: 

FREE  Private  Domain  Registrar 
1&1  Starter  WebsiteBuilder 
E-mail  Account  With  2  GB  Mailb 
f  24/7  Toll-Free  Customer  Suppor 


www.landl 

"S'  . 


Get  started  today,  call  1-877-GO-1AND1 


:  A  .  -y*{  ■.  .  ‘y  ,  /■  1,1  •  ’  ‘r‘!  * 

■  .  .  '  ,;V:  m 

Offer  valid  through  June  30,  2010  and  applies  to  the  Instant  Domain  Package  only.  After  first  year,  standard, pricing  applies.  (Mt  1  per  customer.  Visit  www.1and1.com  for  full  promotional.offer  aetaifer frograrti  pi 

cations  and  availability  subject  to  change  without  notice.  1&1  and  the  1  &1  logo  are  trademarks  of  1  &1  Internet  AG,  all  other  trademarks  are  the  property  of.  their  respective 


THE  GRILL 


FRED  BROOKS 


You  raise  the  idea  of  the  team  vs.  the  individual  de¬ 
signer  and  how  we’ve  shifted  toward  team  design  in 
part  because  things  have  become  so  complex.  What 
about  Steve  Jobs?  Is  he  an  exception  to  the  broader 
rule  you’re  discussing?  He’s  unquestionably  a  great 
designer  in  that  he  has  the  vision  of  what  the  product 
ought  to  be.  [Polaroid  founder]  Ed  Land  was  the  same 
way.  Now,  what  Land  did  and  what  Jobs  did  is  gather 
a  team  of  people  with  the  various  skills  to  realize  the 
vision.  Jobs  doesn’t  do  [everything],  but  he  sees  the 
things  to  be  done  and  casts  that  vision  before  a  team 
that  can  realize  it. 

What  about  the  rest  of  us?  How  are  we  supposed  to 
make  something  great?  The  secret  is  to  start  with  a 
vision  of  what  will  be  useful,  why  it  will  be  useful.  Ed 
Land  said,  in  an  annual  report  from  Polaroid,  what 

12  COWIPUTERWORLD  JUNE  7,  2010 


Continued  from  page  10 
plan  to  continually  iterate 
on  it,  not  just  build  it, 
throw  it  away  and  start 
over.  Some  of  the  things  I 
said  in  1975  were  wrong, 
and  in  the  second  edition, 
I  correct  them. 


If  you’re 
designing 
something 
new,  find 
and  choose  your  chief 
designer  and  trust  them 
to  do  it  their  way  instead 
of  putting  all  kinds  of 
shackles  around  them. 


In  your  new  book,  you 
draw  on  your  experi¬ 
ences  designing  things 
such  as  a  beach  house. 
Are  you  trying  to  get 
people  in  programming 
to  look  beyond  software? 
That’s  my  central  thesis. 
There  are  these  invariants 
across  mediums  in  which 
one  designs.  Let’s  try  to 
identify  these  invariants 
and  learn  from  the  older 
design  businesses. 

In  IT,  a  long-held  belief 
is  that  business  people 
don’t  understand  tech¬ 
nology  and  tech  people 
don’t  understand  busi¬ 
ness.  Is  that  a  truism? 

I  don’t  think  it  is.  It’s  true 
that  some  business  people 
don’t  understand  tech  and 
some  tech  people  have 
no  interest  whatsoever  in 
business.  But  the  pointy- 
headed  boss  in  Dilbert  is  a 
caricature.  It  characterizes 
some  situations  where  we  have  bosses  running  soft¬ 
ware  projects  who  don’t  understand  what  software  is 
about.  I  think  that’s  no  longer  the  prevailing  situation. 


you  do  is  you  start  with  a  vision  of  the  product  and 
one  by  one  remove  the  technical  obstacles  until  it  s 
realized.  That’s  a  nice  way  of  thinking. 

My  net  message  is,  if  you’re  designing  something 
new,  find  and  choose  your  chief  designer  and  trust 
them  to  do  it  their  way  instead  of  putting  all  kinds 
of  shackles  around  them.  Give  them  authority  over 
what  the  design  should  be.  As  far  as  I  can  tell,  when 
[architect]  Christopher  Wren  was  entrusted  with 
building  those  66  churches  in  London  after  the  big 
fire  [of  1666],  they  don’t  seem  to  have  nitpicked  him. 
The  famous  Lockheed  Skunk  Works  —  they  locked 
the  door,  let  the  people  go  off,  and  they  came  back 
with  a  radar-invisible  airplane.  We  had  watchbirds 
galore  [for  the  System/360],  but  at  the  final  sprint,  I 
shut  them  out. 

You  also  note  that  organizations  often  behave  worse 
than  individual  members  of  the  group  would  on 
their  own.  Why  is  that?  I  don’t  fully  understand  that. 
There’s  something  about  peer-group  pressure  that 
encourages  people  to  cross  bounds  they  wouldn’t 
cross  by  themselves. 

How  can  we  curb  that  Lord  of  the  Flies  tendency? 

I  think  it’s  leadership.  You  train  individuals  to  have 
character  enough  not  to  go  along  with  the  stream. 

And  that  has  to  be  done  at  home  and  in  the  schools. 

What’s  the  state  of  computer  science  education  in 

the  U. S.?  Our  Achilles’  heel  is  elementary  and  middle 
school  preparation.  We  are  not  getting  as  many 
people  prepared  to  go  into  technology  —  and  well 
prepared  to  go  into  technology  —  as  we  should. 

I  see  some  remarkable  accomplishments  happen¬ 
ing  in  strong  schools.  But  I  see  disaster  happening 
in  many,  many  schools.  I  think  there  are  organiza¬ 
tional  reasons  why  that’s  true.  I  think  the  teaching 
profession  is  not  paid  and  recognized  as  well  relative 
to  other  professions.  As  a  consequence,  I  don’t  think 
that  many  people  who  two  generations  ago  would 
have  gone  into  teaching  go  into  teaching  anymore. 

I  also  think  that  bureaucratic  requirements  put  on 
teachers  now  hamper  teaching  of  a  lot  of  substance. 

What  can  we  do  to  get  kids  more  interested  in 
technology?  The  critical  place  is  middle  school.  We’re 
doing  a  lot  of  things.  Lab  visits  where  people  go  out  and 
talk  to  the  schools.  We’re  doing  science  fairs;  we  bring 
people  into  our  labs.  The  scientific  community  is  really 
concerned  with  trying  to  get  more  people  interested. 

But  there  are  two  issues:  One  of  them  is  getting 
them  interested,  and  the  other  is  seeing  to  it  that 
they  get  the  mathematics  foundation,  particularly 
in  middle  school.  If  they  didn’t  get  the  algebra  at 
the  right  time,  or  they  got  turned  off  on  science,  the 
trouble  goes  on  and  on. 

-  Interview  by  Michael  Fitzgerald,  a  freelance  writer 
in  Millis,  Mass,  (michael@mffitzgerald.com) 


i 

t 


1&1®  DEVELOPER  PACKAGE 
■  5  FREE 


1&1®  HOME  PACKAGE 

■  2  FREE  Domains 

(.com,  .net,  .org,  .info  or  .biz) 

■  FREE  Private  Domain  Registration 

■  150  GB  Web  Space 

■  1&1  WebsiteBuilder 

■  1&1  Photo  Gallery 

■  1&1  Blog 

■  24/7  Toll-Free  Support 


1&1®  BUSINESS  PACKAGE 

■  3  FREE  Domains 

(.com,  .net,  .org,  .info  or  .biz) 

■  FREE  Private  Domain  Registration 

■  250  GB  Web  Space 
B  25  FTP  Accounts 

B  50  MySQL®  Databases 
B  1&1  WebStatistics 
B  24/7  Toll-Free  Support 


Domains 
(.com,  .net,  .org,  .info  or  .biz) 

■  FREE  Private  Domain  Registration 
B  300  GB  Web  Space 

■  50  FTP  Accounts 

B  100  MySQL®  Databases 
B  PHP  5/PHP  6  (beta)  Supported 
With  Zend®  Framework 
B  24/7  Toll-Free  Support 


SPECIAL  OFFER  3  MONTHS  FREE 


SPECIAL  OFFER  3  MONTHS  FREE 


SPECIAL  OFFER  3  MONTHS  FREE 


HURRY;  OFFER  ENDS  JUN 


Get  started  today,  call  1-877-GO-1AND1 


Included  domains  are  free  as  long  as  your  1&1  web  hosting  package  is  current  and  in  good  standing. 3  months  free  offer  valid  through  June  30. 2010,  a;  12  month  minirWn  copfra^t^m^al 
the  Home  Package,  and  S9.99  for  the  Business  Package  and  Developer  Package  apply.  Visit  wwwilandiicbm  for  full  promotional  offer  details.  Program  and  pricing  specifications  and  avaiiabilit 
without'  notice.  1&1  and  the  1&1  logo  are  trademarks  of  1&1  Internet  AG,  all  other  trademarks  are  the  property  of  their  respective  owners.  ©2010  1&1  Internet;  Inc  All  rights  reserved;/:.  ?  ,  {: 


IT’s  Human  Energy  Crisis 


Many  of 
the  IT  people 
I  meet  are 
exhausted. 


Thornton  May  is 

the  author  of 
The  New  Know: 
Innovation  Powered 
by  Analytics  and 
executive  director 
of  the  IT  Leadership 
Academy  at  Florida 
State  College  at 
Jacksonville. 


ORD  ASSOCIATION  TIME:  When  I  say  “IT  energy,”  what  do  you 
think  of?  After  everything  that’s  been  written  in  the  past  couple 
of  years  about  green  IT  and  the  amount  of  electricity  that’s 
needed  to  power  data  centers,  you  probably  think  first  about  the 


cost  of  our  profligate  energy  consumption. 

That’s  a  worthy  concern,  but  I  propose  that  the 
phrase  “IT  energy”  should  make  you  think  instead 
about  something  even  more  important:  the  vital 
human  energy  level  of  IT  leaders,  managers  and 
workers.  An  essential  question  for  all  IT  leaders 
to  ponder  is  whether  their  IT  organization  is 
exothermic  (that  is,  one  that  releases  positive 
energy)  or  endothermic  (one  that  sucks  energy  out 
of  the  enterprise).  Research  being  conducted  at 
the  IT  Leadership  Academy  and  the  CIO  Solutions 
Gallery  at  the  Fisher  College  of  Business  at  Ohio 
State  University  indicates  that  many  —  indeed, 
most  —  North  American  and  European  compa¬ 
nies  are  facing  a  major  human  energy  crisis  in  IT. 

Many  of  the  IT  people  I  meet  are  exhausted. 
Head  count  is  decreasing,  and  workload  is 
increasing.  User  expectations  and  regulatory 
requirements  are  expanding  exponentially.  A 
study  analyzed  the  impact  of  multitasking  and 
determined  that  most  digitally  aware  people  now 
work  a  43  hours  a  day  (that’s  not  a  typo;  it’s  serious 
multitasking).  It  is  very  understandable  that  IT 
people  are  tired.  And  tired  is  not  a  good  thing  in 
the  hyperaccelerated  world  we  are  heading  into. 

If  we  do  not  do  something,  the  IT  fatigue  factor 
will  get  worse.  An  emerging  trend  is  for  world- 
class  organizations  to  benchmark  IT  not  against 
line-of-sight  competitors  in  the  same  vertical 
market,  but  against  “best  imaginable”  practitio¬ 
ners.  The  IT  performance  bar  is  being  raised.  The 
question  is,  will  IT  have  the  energy  to  respond? 

Best-selling  author  Malcolm  Gladwell  recently 
took  a  look  at  successful  people  in  all  disciplines. 
He  concluded,  “If  you  look  closely  at  CEOs  —  the 
people  at  the  very  upper  echelons  of  corporations 
—  the  thing  that  is  most  striking  about  them  is 
their  physical  stamina.  At  the  end  of  the  day,  it 


is  that  quality,  perhaps  more  than  anything  else, 
that  is  separating  them  from  us.” 

Re-energizing  IT 

Next-generation  CIOs  will  have  to  manage  and 
increase  the  human  energy  levels  of  their  teams. 
Just  as  we  meter  devices  to  determine  their  energy 
consumption,  so  too  will  IT  leaders  meter  the  people, 
processes  and  technology  sets  deployed  in  the  en¬ 
terprise  to  determine  impact  on  IT  energy  level. 

Job  1  is  to  take  advantage  of  the  economic 
downturn  and  remove  from  the  enterprise  energy 
vampires  —  people  who  are  always  negative. 

Every  organization  has  them.  One  way  energy 
vampires  suck  the  energy  out  of  others  is  that 
they  are  so  negative,  more  positive  people  expend 
energy  trying  not  to  spend  time  with  them. 

Job  2,  on  the  process  side,  is  to  rationalize  IT 
finances.  A  major  energy  sink  and  morale-buster 
in  many  IT  organizations  is  the  lack  of  a  decent 
IT  accounting  system.  World-class  IT  accounting 
is  very  exothermic.  Knowing  your  costs  and  the 
value  that  IT  generates  for  the  business  releases 
all  kinds  of  positive  energy.  William  Miller,  the 
controller  at  Nationwide  Services  Co.,  has  created 
a  second-to-none  IT  accounting  system.  Diane 
Bryant  and  her  team  at  Intel  annually  publish  a 
report  of  the  value  that  IT  delivers. 

And  Charlie  Feld,  former  CIO  at  Frito-Lay, 

Delta  Airlines  and  Burlington  Northern  Santa  Fe 
Railroad  and  author  of  Blind  Spot:  A  Leader’s  Guide 
to  IT-Enabled  Business  Transformation,  sees  another 
problem.  He  believes  that  IT  has  become  danger¬ 
ously  overspecialized.  Having  to  work  through 
multiple  noncommunicating  silos  of  IT  expertise 
consumes  a  lot  of  energy. 

And  excessive  energy  consumption  is  as  detrimen¬ 
tal  in  the  IT  department  as  it  is  in  the  data  center.  ♦ 


14  COIWPUTERWORLD  JUNE  7,  2010 


-I 


As  an  Information  Technology  leader,  Morgan  Stanley 
recognizes  the  importance  of  innovation  and  excellence 
and  is  proud  to  sponsor  the 

Information  Technology 
Leadership  Award  for 
Global  Commerce 

and  the 

Computerworld  Honors  Laureate  Medal 
Recipients  for  Technology  Innovation 


Morgan  Stanley  congratulates  the  winners  of  this  year’s 
Information  Technology  Leadership  Award  for  Global  Commerce 


Pradeep  Sindhu 


Chief  Technology  Officer  and  Founder,  Juniper  Networks,  Inc. 

Morgan  Stanley  congratulates  our  Computerworld  Innovation 
Award  Nominees  for  the  acceptance  of  their  works  into  the 
Worldwide  Archives  of  the  Computerworld  Honors  Foundation 

BLADE  Network  Technologies,  Inc.  MicroStrain,  Inc. 


Clarity  Systems 
Corvil 

Kapow  Technologies 
Kx  Systems 


Savant  Protection 

Sendmail 

VirtualAgility 


BY  REPLACING  PHYSICAL  SERVERS 

WITH  VIRTUAL  ONES 


Principal  Technical  Architect 


tfiSl 


Microsoft 


KroU  Nchiol 


Kroll  Factual  Data  of  Loveland,  Colorado,  is  a  longtime  provider  of 
information  services  to  the  mortgage  industry.  The  firm  wanted  to 
optimize  its  server  infrastructure  to  better  meet  spikes  in  demand  and 
reduce  data  center  costs.  Kroll  Factual  Data  virtualized  its  data  center 
using  Windows  Server®  2008  and  Hyper-V™  technology,  consolidating 
650  servers  to  22.  It  further  streamlined  its  infrastructure  using 
Microsoft®  System  Center  data  center  solutions  to  monitor  and  manage 
its  physical  and  virtual  landscape,  and  Microsoft  Visual  Studio® 
development  tools  to  quickly  develop  applications. 

With  its  new  optimized  infrastructure,  the  company  can  grow  faster, 
scale  quickly  to  meet  customer  needs  and  dramatically  reduce  IT  costs. 
Kroll  Factual  Data  has  cut  annual  hardware  expenditures  by  tens  of 
thousands  of  dollars,  and  energy  costs  by  U.S.  $442,554  annually. 


T@  ctowitltaad  the  case 


Get  the  free  app  for  your  phone  at  http://gettag.mobi 

^Standard  messaging  and  data  charges  apply. 


mm  'm&mm 


■ 


.::::y 


m 


Wg&A 


m 


: 


■  m  . ' 


mumm 


^  -1 

^  at;  s 


. 

v^-v:-v  : 

mmsSml 


fflSi 


m 


mm 


■ 


iiilit 


aas***  ■  '-«® 


smses 


CLOUD 

SECURITY: 

Oxymoron? 


Here’s  how 
some  early 
adopters 
of  cloud 
computing  are 
approaching 
the  problem. 
By  Elisabeth 
Horwitt 


COVER  STORY 


FOR  LOGIQ*  INC.,  the  decision  to  go 
with  a  cloud-based  provider  of  infra¬ 
structure  as  a  service  (IaaS)  was  a 
matter  of  cost  and  flexibility. 

A  start-up  that  began  operations  in 
2006,  the  Toronto-based  life  reinsur¬ 
ance  management  firm  could  not 
afford  to  build  and  staff  a  data  center  from  scratch, 
according  to  David  Westgate,  Logiq3’s  vice  president 
of  technology.  So  the  company  instead  chose  cloud 
computing  and  managed  IT  services  provider  Blue- 
Lock  LLC  to  handle  its  data  needs. 

BlueLock’s  virtualized  environment  allowed  data 
and  volumes  to  move  between  systems  in  a  dynamic, 
low-cost  way  that  would  be  impossible  with  a  tradi¬ 
tional,  hosted  environment,  Westgate  says. 

There  were,  however,  security  concerns  to  be 
addressed  before  Logiq3  would  entrust  its  critical 
systems  to  BlueLock’s  cloud.  The  company  handles 


computerwori.d.comi  19 


COVER  STORY 


11813111 


,v.--  .  . 


Five  Tips  for 
Cloud  Security 


piiiMiiwgsaiMB 

live 

iVf?  ^  *  x  ,  •  fr: 


h  Find  out  as  much  as  you  can 
about  a  software-as-a-service 
provider’s  security  measures  and 
infrastructure,  if  you  plan  to  work 
with  an  infrastructure-as-a-service 
provider,  ask  what  tools  it  uses  to  pro¬ 
tect  virtual  environments, 

m  Encrypt  data  at  rest  and  in 
transit.  Otherwise,  don’t  put  sensitive 
information  in  the  cloud. 

m  Diwy  up  responsibilities  be¬ 
tween  your  administrators  and  the 
service  provider’s  administrators. 


so  no  one  has  free  access  across  all 
security  layers. 

. * . * . . 

Check  whether  a  vendor  has 
been  accredited  as  meeting  SAS  70 
Type  2  and  ISO  27001  security 
standards.  If  you’re  with  an  interna¬ 
tional  company,  check  for  European 
Safe  Harbor  accreditation  as  well. 

a  Go  with  a  high-end  service  pro¬ 
vider  with  an  established  security 
record.  “You  get  what  you  pay  for,’* 
sa/s  Ga, tnei  anaivst  Jay  Heise' 

-  ELISABETH  HORWITT 


death  records,  which  include  personal  information  like  social 
security  numbers,  as  well  as  financial  data  and  information  about 
major  assets  that  its  large  financial  customers  have  on  their  books. 

Although  Logiq3  isn’t  regulated  by  the  U.S.  government’s  Sarbanes- 
Oxley  Act,  its  customers  in  the  financial  sector  are,  “so  they’ll  be 
auditing  us,”  says  Westgate.  As  a  result,  Logiq3  needed  potential 
cloud  vendors  to  demonstrate  that  they  were  in  compliance  with 
applicable  regulations  and  could  provide  high  levels  of  security. 

Logiq3  is  far  from  alone.  While  security  and  compliance  issues 
crop  up  in  any  Web-based  outsourcing  arrangement,  businesses 
are  justifiably  concerned  about  putting  everything  in  a  virtual¬ 
ized  cloud.  It’s  a  comparatively  new  service  area  where  risks  are 
unknown  —  “which  in  itself  is  a  risk,”  says  Jay  Heiser,  an  analyst 
at  Gartner  Inc.  “If  I  can’t  figure  out  how  risky  something  is,  I 
have  to  assume  it  isn’t  secure.” 

The  extent  to  which  hackers  can  take  advantage  of  unique 
cloud  vulnerabilities  is  being  hotly  debated  among  IT  profession¬ 
als  like  those  in  the  Cloud  Security  Alliance’s  Linkedln  group. 

So  far,  there  have  been  few  instances  of  successful,  large-scale 
data  breaches  on  public  clouds.  Last 
winter,  however,  someone  managed 
to  set  up  the  Zeus  password-stealing 
botnet  inside  Amazon.com  Inc.’s 
ECz  cloud  computing  infrastructure 
by  first  hacking  into  a  Web  site  that 
was  hosted  on  Amazon  servers. 

In  other  words,  it’s  early  days  yet 
in  the  cloud  computing  industry. 

Cloud  vendors  are,  in  some  instanc¬ 
es,  playing  catch-up  on  the  security 
front,  and  IT  managers  are  trying  to 
figure  out  exactly  what  the  risks  are 
and  how  to  counter  them. 

20  COMPUTERWORLD  JUNE  7,  2010 


A  crucial  first  step  is  for  cloud-based 
service  providers  and  their  potential  clients 
to  sit  down  and  determine  who  will  have 
responsibility  for  securing  and  protecting 
specific  components  of  the  IT  infrastructure, 
which  often  spans  both  companies’  systems. 

Sometimes,  particularly  with  an  IaaS  pro¬ 
vider,  the  division  of  labor  is  negotiable.  For 
example,  Westgate  decided  to  let  BlueLock 
handle  Logiq3’s  patching  and  configuration 
management  because  he  was  familiar  with 
the  software  BlueLock  was  using,  a  tool  from 
Shavlik  Technologies  LLC. 

The  division  of  labor  between  Logiq3  and 
BlueLock  actually  strengthened  security, 
because  “no  one  person  or  company  has  all 
the  keys  to  the  kingdom,”  says  Westgate. 
Because  BlueLock  manages  the  firewall,  for 
example,  “none  of  my  admins  can  go  in  and 
decide  to  sell  or  move  the  data,”  he  notes. 
“And  BlueLock  admins  can’t  do  it  either, 
because  they  don’t  control  the  systems.” 

How  much  responsibility  lies  with  the 
cloud-based  service  provider  largely  depends 
on  the  type  of  service. 

With  an  IaaS  setup,  the  customer  is  usually 
responsible  for  protecting  everything  above  the  middleware  and 
APIs,  including  the  applications  and  operating  system,  says  Todd 
Thiemann,  senior  director  of  security  vendor  Trend  Micro  Inc.’s 
data  protection  group.  The  terms  of  service  for  Amazon’s  IaaS 
offering,  for  example,  state  that  the  customer  is  responsible  for 
protecting  the  data  it  puts  into  the  public  cloud,  he  adds. 

In  contrast  to  IaaS  arrangements,  in  software-as-a-service 
deals,  the  provider  is  usually  responsible  for  protecting  whatever 
customer  applications  and  data  reside  on  its  cloud.  That  setup 
often  works  well  for  budget-challenged  businesses,  because  it 
gives  them  access  to  advanced  security  technologies  and  re¬ 
sources  that  they  might  not  be  able  to  afford  in-house. 

IBM’s  LotusLive  SaaS  offering,  for  example,  uses  “the  same  stan¬ 
dards,  security,  compliance  and  governance  we  use  to  run  major 
business  systems  for  some  very  large  and  important  companies,” 
says  Sean  Poulley,  IBM’s  vice  president  of  online  collaboration 
services.  LotusLive  data  centers  are  protected  by  physical  and 
biometric  controls,  including  closed-circuit  TV.  Access  control  is 
handled  by  IBM’s  enterprise-scale  Tivoli  software. 

However,  many  providers  of 
cloud-based  services  —  particu¬ 
larly  SaaS  vendors  —  feel  that  their 
security  practices  and  technologies 
give  them  a  competitive  advantage, 
so  they  don’t  like  to  talk  about  how 
they  approach  security.  That  means 
companies  have  to  take  the  vendor’s 
word  that  its  systems  are  indeed 
secure  and  compliant. 

“Vendors  have  done  little  to 
accommodate  security  risk  evalua¬ 
tion,”  says  Gartner’s  Heiser.  “They 
Continued  on  page  22 


[Cloud  vendors]  may  have 
incredibly  secure  and  robust 
systems,  but  there’s  no 
sensible  way  to  ensure  this. 

JAY  HEISER,  ANALYST,  GARTNER  INC. 


For  enterprises  of  any  size  that  need  to  scale  on  demand,  we  have  the  best  solution  on  your  horizon. 
Combine  the  proven  stability  of  SoftLayer®  dedicated  servers  with  the  massive  scalability  of  our 
CloudLayer™  Computing  Instances.  They  integrate  seamlessly  (and  deploy  on  the  fly)  to  create  a 
unified  computing  environment  with  unparalleled  efficiency  and  interoperability. 

Now,  not  even  the  sky's  the  limit.  Learn  more  at  www.softlayer.com. 


SOFTLAYER* 


©  2010  SoftLayer  Technologies,  Inc. 


COVER  STORY 

Continued  from  page  20 

may  have  incredibly  secure  and  robust  systems,  but  there’s  no 
sensible  way  to  ensure  this.” 

Security  accreditation  standards  such  as  ISO  27001  and 
SAS  70  Type  2  provide  some  assurance,  he  adds,  noting  that 
“27001  is  more  relevant  to  cloud  security  issues  but  weak  when 
applied  to  new  forms  of  technology.” 

Playing  Nicely  Together 

Many  SaaS  vendors  are  understandably  reluctant  to  have  a  cus¬ 
tomer  insert  third-party  security  products  into  their  proprietary 
platforms,  even  if  it’s  just  an  agent  that  would  permit  a  custom¬ 
er’s  security  system  to  interact  with  theirs. 

For  example,  Pfizer  Inc.  had  outsourced  some  security  services 
to  D3  Security  Management  Systems  Inc.  and  was  interested  in 
using  Oracle  Corp.’s  Access  Manager  in  D3S  incident  management 
applications.  But  D3  expressed  concerns  about  installing  Oracle 
agents  on  its  systems,  says  Kurt  Anderson,  the  pharmaceutical 
company’s  manager  of  global  operations  business  technology. 

Anderson  solved  the  problem  by  using  Symplified  Inc.’s  Single- 
Point  Cloud  Access  Manager,  which  does  not  use  an  agent  but 
rather  interacts  with  D3S  published  APIs,  he  says. 

Since  IaaS  customers  technically  own  their  virtualized  slice  of 
a  vendor’s  infrastructure,  they  can  install  security  software  and 
controls.  However,  only  a  few  vendors  provide  products  that  can 
protect  both  private-  and  public-cloud-based  environments. 

One  such  product  is  Trend  Micro’s  Deep  Security  7.  Once  its 
agent  is  installed  in  a  private  or  public  cloud  infrastructure,  it 
can  perform  deep  packet  inspection,  monitor  event  logs  and 
monitor  system  activity,  such  as  file  changes,  for  unauthorized 
actions,  Thiemann  says. 

Shavlik,  a  vendor  that  provides  systems 
management  for  private  cloud  installations, 
tackles  public  cloud  security  from  a  different 
angle.  It  licenses  its  patch  and  configuration 
management  and  compliance-monitoring 
software  to  cloud-based  service  providers  — 
including  its  own  IaaS  provider,  says  Mark 
Shavlik,  the  company’s  CEO. 

Cloud-based  service  providers  are  catch¬ 
ing  on  to  the  fact  that  using  an  established 
commercial  security  product  can  attract 
customers.  For  Logiq3’s  Westgate,  BlueLock’s 
use  of  Shavlik ’s  software  was  a  definite  selling 
point.  “I  am  very  familiar  with  Shavlik.  I’ve 
been  using  it  for  patch  and  configuration 
management  for  years,”  he  says. 

The  dynamic,  flexible  resource  provisioning 
that  makes  virtualization  and  cloud  services 
so  attractive  to  cost-challenged  IT  executives 
also  makes  it  difficult  to  track  where  data  is 
located  at  any  given  time,  and  who  is  access¬ 
ing  it.  This  is  true  in  private  clouds,  and  even 
more  so  in  public-cloud-based  systems,  where 
access  control  has  to  be  correlated  between 
the  customer  and  the  service  provider  —  and 
often  several  service  providers. 

Pfizer  uses  Symplified’s  Single  Point  Cloud 
Access  Manager  to  provide  single  sign-on 


. 

functionality  across  different  SaaS  providers  and  applications. 

When  an  end  user  moves  between  an  Oracle-  and  a  Symplified- 
managed  domain,  for  example,  he  has  to  log  on  again,  but  he  can 
use  the  same  credentials,  Anderson  says. 

Symplified  and  Ping  Identity  Corp.  are  two  vendors  that  cur¬ 
rently  provide  single  sign-on  systems  for  both  internal  and  SaaS 
cloud-based  applications,  using  federated  identity  technology  that 
coordinates  user  identity  and  access  management  across  multiple 
systems.  However,  Anderson  feels  that  it’s  up  to  the  SaaS  vendors 
to  adopt  a  more  holistic  and  standardized  form  of  access  manage¬ 
ment  so  the  customer  will  no  longer  have  to  bear  that  burden. 

Another  access  management  concern  when  dealing  with  a 
cloud-based  service  —  or  any  outsourced  service,  for  that  matter 
—  is  how  to  ensure  that  the  service  provider’s  system  administra¬ 
tors  don’t  abuse  their  access  privileges.  Again,  SaaS  customers 
don’t  have  a  lot  of  control  or  oversight  regarding  how  the  service 
provider  addresses  that  issue.  IaaS  providers,  in  contrast,  will 
often  allow  a  customer  to  install  event  log  monitoring  software 
on  their  virtualized  portion  of  the  infrastructure. 

Logiq3,  for  instance,  uses  Sentry  Metrics  Inc.’s  security  event 
management  service,  which  monitors  event  logs,  performs  trend 
analysis  and  reports  on  anomalies.  So  the  Sentry  Metrics  system 
could,  for  example,  alert  Logiq3  when  a  BlueLock  administrator 
logs  on  but  hasn’t  been  given  a  specific  job  to  do,  Westgate  says. 

Customer  control  and  monitoring  of  a  carrier’s  cloud  can  only  go 
so  far,  however,  no  matter  what  the  type  of  service.  So  how  do  you 
ensure  that  sensitive  data  is  adequately  secured  and  protected? 

Service-level  agreements  with  monetary  penalties  don’t  cut 
it,  says  Pfizer’s  Anderson,  especially  for  a  Fortune  50  company, 
since  “the  small  amount  they  get  back  is  a  pittance”  compared 

Continued  on  page  24 


ISSiiiS 


Mmmm 


About  Cloud  Risks 


iliifSi 


Many  companies  that  want  the  cost  benefits  of  cloud-based  services  but  still  have  se¬ 
curity  concerns  tell  their  end  users  not  to  put  sensitive  data  into  the  cloud.  But  that’s 
generally  an  exercise  in  futility,  according  to  Gartner  analyst  Jay  Heiser. 

“The  problem  is  that  users  often  don’t  know  what’s  sensitive  and  probably  won’t 

follow  the  rules  anyway,"  Heiser  says.  “You  can  assume 
that  any  application  or  data  service  end  users  can 
pump  with  data  will  get  sensitive  data  eventually.” 

Pfizer  is  in  the  process  of  establishing  a  SaaS  center 
of  excellence  to  educate  users  about  the  correct  way 
to  use  SaaS  systems,  says  Kurt  Anderson,  the  phar¬ 
maceutical  company’s  manager  of  global  operations 
business  technology. 

In  addition,  Anderson’s  group  is  establishing  best 
practices  for  procurement  of  SaaS.  Among  other 
things,  those  best  practices  forbid  applications  that 
involve  competitive  or  personally  identifiable  informa¬ 
tion  from  being  included  in  a  SaaS  setup. 

-  ELISABETH  HORWITT 


22  COMPUTERWORLD  JUNE  7,  2010 


Join  us  in 
the  Inner  Circle. 

The  Computerworld  Inner  Circle  Research  Panel  was  established  as  a  way 
for  members  of  the  IT  community  to  share  information  and  gain  insight  into 
various  technology  topics,  including  new  initiatives  and  top  issues  faced  by 
IT  professionals  and  executives. 

Inner  Circle  panel  members  get  exclusive  access  to  results  of  the  surveys 
on  the  panel  site  at:  www.computerworldinnercircle.com,  and  are  eligible  for 
some  nice  cash  and  prize  giveaways  for  their  participation.  We  look  forward  to 
hearing  your  input! 

Join  for  Free! 

To  register  as  a  panel  member,  visit  www.computerworld.com/haic 


RESEARCH  PANEL 


COVER  STORY 


Five  Tips  for  Picking 

A  Cloud  IT  Provider 

. 

Cara  Besion,  a  partner  at  PricewaterhouseCoopers,  says  companies  should 
select  a  cloud  services  provider  with  the  following  characteristics: 


a  Commitment  to  service-1 
agreements.  Find  a  provider  that’s 
willing  to  negotiate  an  SLA  that  meets 
your  needs.  Make  sere  you  can  live 
with  its  guaranteed  uptime,  and  don’t 
pay  tor  capacity  you  won't  use.  Learn 
exactly  how  you  wiif  be  billed,  s  ,  1 


' 


m  Security  and  privacy  expertise. 

There’s  no  security  panacea,  butsee 
if  the  vendor  can  tailor  security  to  fit 
the  specific  risks,  size  and  regulatory 
climate  of  your  operation. 

m  Regular  checkups.  Choose  a 


pr- wider  rhac  gets  pei  iocIk  audits  by  a 
qualified  third  party.  -  JJjj 

»  Full  disclosure.  A  trustworthy 
wni  piompr!',  s’cr-'L.i  t  ar.  ■ 
jor  security  breaches  and  threats  -  and 
provide  details  about  its  response  plan. 


m  Financial  stability.  Your  provider 
should  have  the  financial  stamina  to 
keep  your  systems  up  and  running 
for  the  long  haul.  Check  out  its  bal¬ 
ance  sheet,  investors  and  long-term 
spects. 

t/iTiH  arms 


SMfagfiii 

feMNwi 


Continued,  from  page  22 

with  the  cost  of  a  major  security  breach. 

Therefore,  due  diligence  is  critical,  Anderson  says.  Pfizer  uses 
SAS  70  Type  2  certification,  in  which  an  independent  third  party 
audits  the  service  provider’s  internal  and  data  security  controls. 
Anderson  also  verifies  the  vendor’s  level  of  compliance  with  Eu¬ 
rope’s  Safe  Harbor  privacy  rules,  and  he  checks  Dun  &  Bradstreet 
research  to  make  sure  it’s  legitimate. 

The  ISO  27001  security  standard,  for  its  part,  defines  best 
practices  for  designing  and  implementing  secure  and  compliant 
IT  systems. 

While  such  standards  provide  a  useful  starting  point,  their 
criteria  tend  to  be  generic,  says  Gartner’s  Heiser.  Companies 
still  need  to  match  a  service  provider’s  specific  controls  to  their 
specific  requirements,  he  adds. 

For  example,  after  checking  out  BlueLock’s  SAS  70  Type  2 
accreditation,  Logiq3’s  IT  staff  did  a  further  evaluation  to  “make 
sure  the  controls  we  require  are  supported  by  the  controls  they 
have  in  place,”  Westgate  says.  His  team  then  followed  up  on 
discrepancies,  identifying  missing  controls  and  working  with  the 
vendor  on  solutions.  The  company  plans  to  repeat  the  process  at 
least  once  a  year,  he  says. 

The  Daisy  Chain 

Basic  security  tasks  such  as  access  control  and  rights  manage¬ 
ment  become  even  more  complicated  when,  as  often  happens, 
a  SaaS  provider  outsources  its  infrastructure  or  development 
platform  to  another  cloud-based  service  provider  —  adding  yet 
another  variable  to  the  equation. 

Take  the  case  of  Cloud  Compliance  Inc.,  which  provides  access 


control  monitoring  services  for  private  cloud 
environments.  The  company  entrusted  its 
infrastructure  to  Amazon  because  it’s  the 
most  proven  service  provider,  according  to 
Cloud  Compliance  founder  Robbie  Forkish. 
However,  he  acknowledges  that  the  arrange¬ 
ment  introduces  potential  security  problems. 
“There  are  certain  areas  where  we,  as  a  con¬ 
sumer  of  their  services,  need  to  fill  in  security 
capabilities  they  lack”  in  order  to  meet  Cloud 
Compliance’s  internal  security  requirements 
and  to  reassure  its  customers. 

For  example,  the  company  encrypts  data 
in  transit  and  gives  customers  the  option  of 
either  encrypting  data  at  rest  —  on  Cloud 
Compliance’s  Amazon-hosted  servers  —  or 
not  putting  any  data  in  the  cloud. 

The  latter  option  involves  a  performance 
hit,  since  customers  have  to  reupload  data  into 
the  cloud  every  time  an  application  is  run,  but 
some  customers  accept  that  trade-off  in  return 
for  a  higher  level  of  security,  Forkish  notes. 

Cloud  Compliance’s  external  customers  do 
ask  about  Amazon’s  security,  Forkish  says.  The 
concerns  they  raise  change  from  month  to 
month,  depending  on  what  vulnerabilities  the 
press  has  been  writing  about,  he  adds.  Cloud 
Compliance  will  either  address  their  concerns 
or,  if  it  can’t,  pass  them  on  to  Amazon. 

“In  some  cases,  we  don’t  get  a  response,  and  we  figure  this  is 
a  real  issue  but  they’re  working  on  it,”  Forkish  says.  But  the  Zeus 
botnet  incident  on  Amazon,  he  says,  “as  far  as  we  can  tell,  was 
not  a  threat  over  and  above  what  we  would  expect  for  an  Internet 
service,  cloud-based  or  not.” 

Compliance  Challenges 

Public  clouds  add  a  whole  new  set  of  issues  to  regulatory  compli¬ 
ance  —  issues  that  providers,  users  and  regulators  themselves  are 
just  starting  to  look  at.  HIPAA  and  Sarbanes-Oxley  privacy  and 
data-retention  requirements  weren’t  designed  with  cloud-based 
services  in  mind. 

“IT  staffs  have  to  figure  out  new  ways  to  analyze  and  assess 
risk,  and  how  to  meet  compliance  requirements,”  Forkish  notes. 
“Many  compliance  standards  require  being  able  to  point  to  where 
data  is,  which  is  impossible  with  a  cloud.  And  there’s  legal  dis¬ 
covery  —  getting  access  to  data  when  required.  Can  discovery  be 
done  by  a  third  party  without  your  knowledge  because  it  resides 
on  cloud  storage?  These  are  examples  of  things  I  think  will  be 
worked  out  over  the  next  couple  of  years.” 

In  the  meantime,  Forkish  suggests,  many  businesses,  espe¬ 
cially  those  in  highly  regulated  industries,  will  entrust  their 
sensitive  data  to  private  clouds  or  traditional  managed  services 
“and  maintain  the  status  quo.” 

And  then  there  are  the  pioneers,  like  Logiq3’s  Westgate,  who 
says  he  sees  cloud  computing  as  “a  natural  evolution  of  how  we 
are  managing  systems.”  The  key  question  about  this  evolution,  he 
says,  “is  not  why,  but  why  not?”  « 

Horwitt  is  a  freelance  reporter  and  former  Computerworld  senior 
editor  based  in  Waban,  Mass.  Contact  her  at  ehorwitt@verizon.net. 


24  COMPUTERWORLD  JUNE  7,  2010 


Growth  is  in. 

Cost  savings  is  in. 

Efficiency  is  in. 

iiueic-i  U.!n. 


Microsoft's  cloud  services  are  helping  some  of, 
the  world's  leading  companies  succeed.  We  n  |  - 


jgM 

I  I 

y-w&y- 
Wig'*  '.Mt- ' 

l^wggt^pVBV.'.^,  T&fc- 

mmm 


% 

I 

rasHSI 

f 


ft  2k 


life 

llRlIfe 

is®:: 


less  v 


*;  u 

■-I  <<?■  - ■  ' 


Snap  this  tag  to  get  the  latest  news 
on  Microsoft's  cloud  services. 


Get  the  free  app  for  your  phone  at 

http://gettag.mobi 


..earo  more 


Microsoft' 


WW4  iHKf* 

-,  ■  ' 


mm 

,  .*  •-' 

MBffWIiffr  \-.i! 


<.'*  *>/  t' 
. 


WHYTHE 
ERA  OF 
PACKING 
MORE 
SERVERS 
INTO  THE 
SAME 
SPACE 
MAY  HAVE 
TO  END. 

BY  ROBERT  L. 
MITCHELL 


DATA  CENTERS 

INDUSTRIAL  LIGHT  &  MAGIC  has 

been  replacing  its  servers  with 
the  hottest  new  IBM  Blade- 
Centers  —  literally,  the  hottest. 
For  every  new  rack  ILM  brings 
in,  it  cuts  overall  power  use  in 
the  data  center  by  a  whopping 
140  kilowatts  —  a  staggering 
84%  drop  in  overall  energy  use. 
But  power  density  in  the  new  racks  is 
much  higher:  Each  consumes  28  kW  of 
electricity,  versus  24  kW  for  the  previous 
generation.  Every  watt  of  power  consumed  is 
transformed  into  heat  that  must  be  removed 
from  each  rack  —  and  from  the  data  center. 

The  new  racks  are  equipped  with  84 
server  blades,  each  with  two  quad-core 
processors  and  32GB  of  RAM.  They  are 
powerful  enough  to  displace  seven  racks  of 
older  BladeCenter  servers  that  the  special- 
effects  company  purchased  about  three 
years  ago  for  its  image-processing  farm. 

To  cool  each  new  42U  rack,  ILM’s  air 
conditioning  system  must  remove  more 
heat  than  would  be  produced  by  nine 
household  ovens  running  at  the  highest 
temperature  setting. 

These  days,  most  new  data  centers 
have  been  designed  to  support  an  average 
density  of  100  to  200  watts  per  square  foot, 
and  the  typical  cabinet  is  about  4  kW,  says 
Peter  Gross,  vice  president  and  general 
manager  of  Hewlett-Packard  Co.’s  Critical 
Facilities  Services.  A  data  center  designed 
for  200  watts  per  square  foot  can  support 
an  average  rack  density  of  about  5  kW.  With 
carefully  engineered  airflow  optimizations, 
a  room  air  conditioning  system  can  support 
some  racks  at  up  to  25  kW,  he  says. 

At  28  kW  per  rack,  ILM  is  at  the  upper 
limit  of  what  can  be  cooled  with  today’s 
computer  room  air  conditioning  systems, 


COMPUTERWORLD.COM  27 


DATA  CENTERS 


Energy-Saving  Tips 
For  tne  Data  Center 

Refresh  your  severs!  Each  new  generation  of  servers  delivers  more  proc¬ 
essing  power  per  square  foot  -  and  per  unit  of  power  consumed.  For  every 
new  BladeCenter  rack  Industrial  Light  &  Magic  has  installed,  it  has.  been  able 
to  retire  seven  racks  of  older  blade  technology.  Total  power  savings:  140  kW. 

Charge  users  foriiower,  not  just  space.  “You  can  be  more  efficient  if 
you’re  getting  a  power  consumption  model  along  with  square-footage  cost,” 
says  lan  Patterson,  CIO  at  Scottrade. 

««»••«•««*  •  V*  *  »  «  *  •  «  «.*•».♦  8  *  •»:*  »99*8»ft*****«»»*ft*  *'«««*  *«*•*«•* 

Use  hot  ai$|e/co?d  fisle deStgjis,  Good  designs,  including  careful  place¬ 
ment  of  perforated  tiles  to  focus  airflows,  can  help  data  centers  keep  cabi¬ 
nets  cooler  and  turn  the  thermostat  up. 

®"a  »  «  •«#«(«»  a  *  ®  ®\»  ®  «  «  »  «  *  *  «  *  ®:,»  *;®  a.®  0  «?•.  a  *  0  *  a  «  «  »  a  »  »  ■»  a  a  ©  ft  *  *  ©  ft  a  8  as  *  «  * 

Look  for  the  most  efticiejitily'  designed  servers.  Hardware  that  meets 
the  EPA’s  Energy  Star  specification  offers  features  such  as  power  manage¬ 
ment,  energy-saving  power  supplies  and  variable-speed  fans.  It  may  cost 
more  upfront,  but  it  typically  costs  less  to  operate  over  the  long  haul. 

»•«**••«*••**  ft  ft'*  *  9  «  *  ft  9  «  *  **«s«»*89«**9«  ♦  *  •®ft«»»»***9#ft 

Consider  cold-aisle  containment.  Once  you  have  a  hot  aisle/cold  aisle 
design,  the  next  step  for  cabinets  exceeding  about  4  kW  is  to  use  cold-aisle 
containment  techniques.  This  may  involve  closing  off  the  ends  of  aisles  with 
doors,  using  ducting  to  target  cold  air  and  installing  barriers  atop  rows  to 
prevent  hot  air  from  circulating  over  the  tops  of  racks. 

Use  variable-speed  fans.  Computer  room  air  conditioning  systems  rely 
on  fans,  or  air  handlers,  to  push  cold  air  in  and  remove  hot  air  from  the 
space.  A  reduction  in  fan  speed  of  12.5%  cuts  power  use  in  half. 

•  #»&*'«  «■»  •*  *  ®  ft  8  *  ft  ft  ft  *  ft  *■»  ft  @  ft  ft  ft  ft  ft  ft  ft  ft  *  ft  *  ®  «  ■»  *  *  «  *•*  *  9 

Turn  on  power  management  Most  servers  ship  with  energy-saving  tech¬ 
nologies  that  do  things  like  control  cooling-fan  speeds  and  step  down  CPU 
power  during  idle  times,  but  it’s  not  turned  on  by  default  -  and  many  data 
centers  still  don’t  enable  it.  Consider  enabling  it  by  default,  except  in  environ¬ 
ments  where  high  availability  and  fast  response  times  are  mission-critical. 

&  »  e>  s  «  a  *  o  a  *  &  «  a  ®  »  ®  «  ®  »  «  *  «  ®  «  «  «.»  »  »  «  s  4®  «  ®  *>  a  «  ®  ft  «  •*  «  ft  «  a  «  ******«•• 

Create  zones.  Break  the  data  center  floor  into  autonomous  zones,  where 
each  block  of  racks  has  its  own  dedicated  power  and  cooling  resources. 
Zoning  involves  careful  separation  of  hot  and  cold  air  but  usually  doesn’t 
require  that  an  area  be  physically  partitioned  off. 

*  *  *  *  *  #  *  *  *  *  9  *  *  *  *  ft  ft  *  9  *  ft  ft  «  ft  899  0  *  *  9  0  4  9  «  ft  *•  *  ft  ft  ft  *  *  » 

Douse  hot  spots  with  closely  coupled  cooling.  A  series  of  high-power- 
density  racks  can  create  a  hot  spot  that  the  room  air  conditioning  system 
can't  handle,  or  that  forces  IT  to  overcool  the  entire  room  to  address  a 
few  cabinets.  In  those  cases,  consider  supplemental  spot-cooling  systems. 
These  require  piping  chilled  liquid  -  either  water  or  glycol  -  to  a  heat 
exchanger  that’s  either  attached  or  adjacent  to  a  high-density  cabinet. 

•  «•••«••«•«»*#*»«*  ’**«**•«  ®  ft 'ft  *  9  0  »  ®  9  «  '«  •  «  «'®  »  8  «»««#*** 

Retrofit  for  efficiency.  While  new  data  center  designs  are  optimized  for 
cooling  efficiency,  many  older  ones  still  have  issues.  If  you  haven’t  done  the 
basics,  optimizing  perforated-tile  placements  in  the  cold  aisle  or  putting 
blankets  over  cabling  in  the  floor  spqce  are  good  places  to  start. 

•  ««••«•  •.«  a  a  998ft*****  *.*»'*  9  *  »  *  «  *  *  «  *  »  ft  •  •«*«».*»«  8,8  99*88908 

5  "y  .  ‘  '  •  - T;  ■i'S'fS'V.--  ■  ’  ■  >. 

install  temperature  monitors.  It’s  not  enough  to  monitor  the  room  tem¬ 
perature.  Adding  more  sensors  allows  better  control  in  the  row  or  rack. 

*■$«*•«  *  «  *  a  *  •.  •  ♦  ft  •  •  9  •  *  9  *.*  •  ft.*'  *  «'*'*  990  «  9  ft  ft  «  '»  »  ft  *  *_*•*  • ’ft.  *««&«»*»«  «-. ft  ee 

Turn  up  the  heat.  The  key  to  raising  efficiency  is  increasing  your  intake 
temperatures  on  the  cabinets.  The  higher  the  intake  temperature,  the 
more  energy-efficient  the  data  center.  While  you  probably  can’t  cool  an 
entire  cabinet  with  the  room  set  at  81  degrees  at  the  intake,  you  probably 
don’t  need  to  be  setting  the  temperature  as  low  as  65,  either. 

-  ROBERT  L.  MITCHELL 


says  Roger  Schmidt,  an  IBM  fellow  and  chief  engineer  for  data 
center  efficiency.  “You’re  hitting  the  extreme  at  30  kW.  It  would 
be  a  struggle  to  go  a  whole  lot  further,  he  says. 

Is  This  Sustainable? 

The  question  is,  what  happens  next?  In  the  future,  are  watts 
going  up  so  high  that  clients  cant  put  that  box  anywhere  in  their 
data  centers  and  cope  with  the  power  and  cooling?  We  re  wrestling 
with  that  now,”  Schmidt  says.  High-density  computing  beyond 
30  kW  will  have  to  rely  on  water-based  cooling,  he  says.  But  other 
experts  say  that  data  center  economics  may  make  it  cheaper  for 
many  organizations  to  spread  out  servers  rather  than  concentrate 
them  in  racks  with  ever-higher  energy  densities. 

Kevin  Clark,  director  of  information  technologies  at  ILM, 
likes  the  gains  in  processing  power  and  energy  efficiency  he 
has  achieved  with  the  new  BladeCenters,  which  have  followed 
industry  trends  to  deliver  more  bang  for  the  buck.  According  to 
IDC,  the  average  server  price  since  2004  has  dropped  18%,  while 
the  cost  per  core  has  dropped  by  70%,  to  $715. 

But  Clark  wonders  whether  continually  doubling  compute 
density  is  sustainable.  “If  you  double  the  density  on  our  current 
infrastructure,  from  a  cooling  perspective,  it’s  going  to  be  dif¬ 
ficult  to  manage,”  he  says. 

He’s  not  the  only  one  who’s  concerned.  For  more  than  40 
years,  the  computer  industry’s  business  model  has  been  built  on 
the  assumption  that  Moore’s  Law  will  prevail  and  that  compute 
density  will  double  every  two  years  in  perpetuity.  Now  some  en¬ 
gineers  and  data  center  designers  question  whether  that’s  feasible 
—  and  whether  a  threshold  has  been  reached. 

The  threshold  isn’t  just  about  whether  chip  makers  can  over¬ 
come  the  technical  challenges  of  packing  transistors  even  more 
densely,  but  whether  it  will  be  economical  to  run  large  numbers 
of  extremely  high  density  server  racks  in  modern  data  centers. 

The  newest  equipment  concentrates  more  power  into  a  smaller 
footprint  on  the  raised  floor,  but  the  infrastructure  needed  to 
support  every  square  foot  of  high-density  compute  space  — 
including  cooling  systems,  power  distribution  equipment,  UPSs 
and  generators  —  is  getting  proportionally  larger. 

Data  center  managers  are  taking  notice.  In  a  2009  IDC  survey 
of  1,000  IT  sites,  21%  of  the  respondents  ranked  power  and 
cooling  as  the  No.  1  data  center  challenge.  Nearly  half  (43%) 
reported  increased  operational  costs,  and  one-third  said  that  they 
had  experienced  server  downtime  as  a  direct  result  of  power  and 
cooling  issues. 

Christian  Belady  is  the  lead  infrastructure  architect  in  Micro¬ 
soft  Corp.’s  Global  Foundation  Services  group,  which  designed 
and  operates  the  company’s  newest  data  center  in  Quincy,  Wash. 

He  says  the  cost  per  square  foot  of  a  raised  floor  is  too  high.  In  the 
Quincy  data  center,  he  says,  infrastructure  costs  accounted  for  82% 
of  the  total  project.  “We’re  beyond  the  point  where  more  density 
is  better,”  Belady  says.  “The  minute  you  double  compute  density, 
you  double  the  footprint  in  the  back  room.” 

As  compute  density  per  square  foot  increases,  overall  electro¬ 
mechanical  costs  tend  to  stay  about  the  same,  Gross  says.  But 
because  power  density  also  increases,  the  ratio  of  electromechan¬ 
ical  floor  space  needed  to  support  a  square  foot  of  high-density 
compute  floor  space  also  goes  up. 

IBM  s  Schmidt  says  the  cost  per  watt,  not  the  cost  per  square 

Continued  on  page  30 

28  COMPUTERWORLD  JUNE  7,  2010 


inside 


Outcomes  that  matter. 

Register  to  download  the  IDC 
white  paper  Managing  the  Server 
Migration  Process: 

The  HP  Approach  to  Reducing 
Operational  Costs  at 
hp.com/servers/ fastforward3 
or  call  800-282-6672. 


HP  ProLiant  DL380  G7  Server 

•  Intel®  Xeon®  Processor  E5620 

•  6  GB  memory,  up  to  192  GB  Max 

•  Up  to  8  small  form  factor  high-performance  SAS  hard  drives  with  standard 
cage.  Or  up  to  16  SFF  or  6  LFF  hard  drives  with  optional  drive  cages. 

•  Integrated  Lights-Out  3  (iLO  3)  providing  industry-leading  management  and 
powerful  administration 

$2,899  (Save  $339) 

Lease  for  just  $77/mo.* 

Smart  (PN:  605877-005) 


’Based  on  HP  internal  testing  comparing  the  HP  ProLiant  DL380  G4  to  HP  ProLiant  DL380  G 7. 

2HP  insight  Migration  Software  ana  HP  Insight  Remote  Support  automate  most  migration  and  monitoring  tasks. 

Intel,  the  Intel  logo,  Xeon,  and  Xeon  Inside  are  trademarks  or  registered  trademarks  of  Intel  Corporation  in  the  U.S.  and  other  countries. 

*  Prices  shown  are  HP  Direct  prices;  reseller  and  retail  prices  may  vary.  Prices  shown  are  subject  to  change  and  do  not  include  applicable  state  and  local  taxes 
or  shipping  to  recipient's  address.  Offers  cannot  be  combined  with  any  other  offer  or  discount  and  are  good  while  supplies  last.  All  featured  offers  available  in 
U.S.  only.  Savings  based  on  HP  published  list  price  of  configure-to-order  equivalent  (DL  Server:  $3,238-$339=SmartBuy  price  of  $2,899.)  Financing  available 
through  Hewlett-Packard  Financial  Services  Company  and  its  subsidiaries  (HPFSC)  to  qualified  commercial  customers  in  the  U.S.  and  is  subject  to  credit  approval 
and  execution  of  standard  HPFSC  documentation.  Prices  shown  are  based  on  a  lease  48  months  in  term  with  a  fair  market  value  purchase  option  at  the  end  of 
the  term  and  are  valid  through  July  31,  2010.  Other  rates  apply  for  other  terms  and  transaction  sizes.  Financing  is  available  on  transactions  greater  than  $349. 
Other  charges  and  restrictions  may  apply.  HPFSC  reserves  tne  right  to  change  or  cancel  this  program  at  any  time  without  notice.  This  offer  cannot  be  combined 
with  any  other  rebate,  discount  or  promotion  without  prior  approval  by  HP  and  HPFSC.  Rates  are  based  on  customer's  credit  rating,  financing  terms,  offering 
types,  equipment  type  and  options.  Not  all  customers  may  aualify  for  these  rates.  Other  restrictions  may  apply. 

Copyright  ©  2010  Hewlett-Packard  Development  Company,  L.P. 


Powerful. 

Intelligent. 


20  YEARS 

OF  x86  SERVER  INNOVATION 


server  ROI. 


Next  generation  HP  ProLiant  Servers  not  only 
pay  for  themselves,1  they  migrate  and  monitor 
themselves  too? 

•  Accelerated  ROI  in  as  little  as  2  months 

•  20  to  1  server  consolidation  ratio 

•  Accurate,  automated  server  migration 

•  Free  24/7  remote  support 


HP  ProLiant  DL380  G7  Servers  powered 
by  Intel1'  XeGn1'1  processor  5600  series 
lay  the  foundation  for  the  HP  Converged 
Infrastructure.  So  you  can  spend  less 
time  managing  IT  and  more  time 
innovating. 


DATA  CENTERS 


Continued  from  page  28 

foot,  remains  the  biggest  construction  expense 
for  new  data  centers. 

“Do  you  hit  a  power  wall  down  the  road 
where  you  can’t  keep  going  up  this  steep 
slope?  The  total  cost  of  ownership  is  the 
bottom  line  here,”  he  says.  Those  costs 
have  for  the  first  time  pushed  some  large 
data  center  construction  projects  past  the 
$1  billion  mark.  “The  C-suites  that  hear  these 
numbers  get  scared  to  death  because  the  cost 
is  exorbitant,”  Schmidt  says. 

Ever-higher  energy  densities  aren’t  sustain¬ 
able  from  an  energy  use  or  cost  perspective, 
says  Rakesh  Kumar,  an  analyst  at  Gartner 
Inc.  Fortunately,  most  enterprises  still  have 
a  ways  to  go  before  they  see  average  per-rack  loads  in  the  same 
range  as  ILM’s.  About  40%  of  Gartner’s  enterprise  customers  are 
pushing  beyond  the  range  of  8  to  10  kW  per  rack,  and  some  are  as 
high  as  12  to  15  kW  per  rack.  But  those  numbers  are  creeping  up. 

In  response,  some  enterprise  data  centers,  and  managed  services 
providers  like  Terremark  Inc.,  are  monitoring  power  use  and  fac¬ 
toring  it  into  what  they  charge  for  data  center  space.  “Were  moving 
toward  a  power  model  for  larger  customers,”  says  Ben  Stewart, 
senior  vice  president  of  engineering  at  Terremark.  “You  tell  us  how 
much  power,  and  we’ll  tell  you  how  much  space  we’ll  give  you.” 

Buying  Kilowatts 

But  is  it  realistic  to  expect  customers  to  know  not  just  how 
much  equipment  they  need  hosted,  but  how  much  power  will  be 
needed  for  each  rack  of  equipment? 

“For  some  customers,  it  is  very  realistic,”  Stewart  says.  In  fact, 
Terremark  is  moving  in  this  direction  in  response  to  customer 
demand.  “Many  of  them  come  to  us  with  a  maximum-kilowatt 
order  and  let  us  lay  the  space  out  for  them,”  he  says.  If  a  customer 
doesn’t  know  what  its  energy  needs  per  cabinet  will  be,  Terremark 
sells  power  per  “whip,”  the  power  cable  feed  to  each  cabinet. 

IBM’s  Schmidt  thinks  further  power-density  increases  are  pos¬ 


sible,  but  the  methods  by  which  data  centers 
cool  those  racks  will  need  to  change. 

ILM’s  data  center,  completed  in  2005, 
was  designed  to  support  an  average  load 
of  200  watts  per  square  foot.  The  design 
has  plenty  of  power  and  cooling  capacity 
overall.  It  just  doesn’t  have  a  way  to  effi¬ 
ciently  cool  the  high-density  racks. 

ILM  uses  a  hot  aisle/cold  aisle  design, 
and  the  staff  has  successfully  adjusted  the 
number  and  position  of  perforated  tiles  in 
the  cold  aisles  to  optimize  airflow  around 
the  carefully  sealed  BladeCenter  racks.  But 
to  avoid  hot  spots,  the  room  air  conditioning 
system  is  cooling  the  entire  13,500-square- 
foot  raised  floor  space  to  a  chilly  65  degrees. 

Clark  knows  it’s  inefficient;  today’s  IT  equipment  is  designed 
to  run  at  temperatures  as  high  as  81  degrees,  so  he’s  looking  at  a 
technique  called  cold-aisle  containment. 

Other  data  centers  are  experimenting  with  containment  — 
high-density  zones  on  the  floor  where  doors  seal  off  the  ends  of 
either  the  hot  or  cold  aisles.  Barriers  may  also  be  placed  along 
the  top  of  each  row  of  cabinets  to  prevent  hot  and  cold  air  from 
mixing  near  the  ceiling.  In  other  cases,  cold  air  may  be  routed  di¬ 
rectly  into  the  bottom  of  each  cabinet,  pushed  up  to  the  top  and 
funneled  into  the  return-air  space  in  the  ceiling  plenum,  creating 
a  closed-loop  system  that  doesn’t  mix  with  room  air  at  all. 

“The  hot/cold  aisle  approach  is  traditional  but  not  optimal,”  says 
Rocky  Bonecutter,  manager  of  data  center  technology  and  opera¬ 
tions  at  Accenture  PLC.  “The  move  now  is  to  go  to  containment.” 

HP’s  Gross  estimates  that  data  centers  that  use  such  techniques 
can  support  up  to  about  25  kW  per  rack  with  a  computer  room  air 
conditioning  system.  “It  requires  careful  segregation  of  cold  and 
hot,  eliminating  mixing,  optimizing  the  airflow.  These  are  becom¬ 
ing  routine  engineering  exercises,”  he  says. 

While  redesigning  data  centers  to  modern  standards  has 
helped  reduce  power  and  cooling  problems,  the  newest  blade 

Continued  on  page  32 


The  hot/cold 
aisle  approach  is 
traditional  but  not 
optimal.  The  move 
now  is  to  go  to 
containment. 

ROCKY  BONECUTTER,  DATA  CENTER 
TECHNOLOGY  AND  OPERATIONS 
MANAGER, ACCENTURE  PLC 


The  Pros  and  Cons 
Of  Hot  Data  Centers 

Raising  the  operating  temperature  of  servers  and  other  data  center 
gear  doesn't  always  save  on  cooling  costs.  Most  IT  manufacturers  in¬ 
crease  fan  speeds  for  servers  and  other  equipment  as  temperatures  exceed 
about  77  degrees  Fahrenheit  to  keep  the  processor  and  other  component 
temperatures  constant,  says  IBM  fellow  Roger  Schmidt.  At  temperatures 
above  77  degrees,  the  speed  of  fans  in  most  servers  sold  today  increases 
significantly  and  processors  suffer  higher  current  leakage. 

Power  consumption  increases  as  the  cube  of  the  fan  speed  -  so  if  speed 
increases  by  10%,  that  means  a  33%  increase  in  power.  At  temperatures 
above  81  degrees,  data  center  managers  may  think  they’re  saving  energy 
when  in  fact  servers  are  increasing  power  usage  at  a  faster  rate  than  what  is 
saved  in  the  rest  of  the  data  center  infrastructure. 

BOTTOM  LINE:  You  would  still  save  energy  overall  if  you  raised  the  tem¬ 


perature  to  81,  but  going  higher  presents  challenges  to  systems  and  compo¬ 
nent  designers.  Could  equipment  be  designed  to  operate  at  higher  tempera¬ 
tures?  Possibly,  Schmidt  says.  “Manufacturers  will  have  to  come  together  as 
a  group  to  determine  whether  we  should  recommend  a  higher  limit  that  will, 
in  fact,  save  energy  at  the  data  center  level." 

Tom  Bradicich,  an  IBM  vice  president,  says  that  with  all  of  the  different 
equipment  in  a  data  center,  getting  the  facility  optimized  for  81  degrees  is 
difficult.  Even  getting  the  components  in  the  boxes  IBM  builds  to  meet  the 
current  spec  can  be  a  challenge.  “We’re  working  in  a  world  where  we  inte¬ 
grate  a  lot  of  third-party  components,”  Bradicich  says.  “At  the  end  of  the  day, 
IBM  doesn’t  make  the  microprocessor  and  other  components.” 

Dylan  Larson,  director  of  data  center  technology  initiatives  at  Intel  Corp., 
thinks  the  day  when  everything  in  a  data  center  can  run  safely  at  81  degrees 
is  still  a  long  way  off.  “There’s  a  reliability  concern  people  have  when  it 
comes  to  running  data  centers  at  higher  temperatures,”  he  contends.  “Until 
the  industry  says,  ‘We’re  going  to  warranty  these  things  for  higher  tempera¬ 
tures,’ we’re  not  going  to  get  there.” 

-  ROBERT  L.  MITCHELL 


30  COMPUTER  WORLD  JUNE  7,  2010 


Tn,-rr*™- 

’.=Vf 


junci 


2,000  GB 
Traffic 

Included 


The  1&1  server  totally  configurable  to  your  needs 


A  powerful  virtual  server  environment 
with  full  root  access.  Adjust  the 
processor  core,  RAM,  and/or  hard 
disk  space  to  fit  your  needs.  With  j 
the  Dynamic  Cloud  Server,  you  can 
change  your  specifications 
at  any  time! 


Server  Configurate 


Traffic  (GB) 


Opteron 


1&1®  Dynamic  Cloud  Server  -  basic  configuration  includes: 


✓ 

✓ 

✓ 

✓ 


1  Virtual  Core  of  a  Quad-Core  AMD  Opteron™ 
2352  Processor 

1  GB  RAM 

lOO  GB  disk  space 

Guaranteed  resources  (just  like  a  dedicated  server!) 


More  server  offers  are  available  online.  Visit  our  website  for  details. 


'Offer  valid  through  June  30,  2010.  Offer  applies  to  Dynamic  Cloud  Servers  only,  up  to  a  maximum  discount  of  $149.97  per  server.  12  month  minimum  contract  term 
and  setup  fee  apply.  Prices  valid  for  basic  configuration  only.  For  other  configurations,  additional  costs  apply.  Visit  www.landl  .com  for  full  promotional  offer  details. 
Program  and  pricing  specifications  and  availability  subject  to  change  without  notice.  1&1  and  the  1&1  logo  are  the  trademarks  of  1&1  Internet  AG,  all  other  trade¬ 
marks  are  the  property  of  their  respective  owners  ©2010  Internet,  Inc.  All  rights  reserved. 


DATA  CENTERS 


Continued  from  page  30 
servers  are  already  exceeding  25  kW  per 
rack.  IT  has  spent  the  past  five  years  tight¬ 
ening  up  racks,  cleaning  out  raised  floor 
spaces  and  optimizing  airflows.  The  low- 
hanging  fruit  is  gone  in  terms  of  energy 
efficiency  gains.  If  densities  continue  to 
rise,  containment  will  be  the  last  gasp  for 
computer-room  air  cooling. 

Time  for  Liquid  Cooling? 

Some  data  centers  have  already  begun  to 
move  to  liquid  cooling  to  address  high- 
density  hot  spots.  The  most  common 
technique,  called  closely  coupled  cooling, 
involves  piping  chilled  liquid,  usually 
water  or  glycol,  into  the  middle  of  the 
raised  floor  space  to  supply  air-to-water 
heat  exchangers  within  a  row  or  rack.  Kumar 
estimates  that  20%  of  Gartner’s  corporate 
clients  use  this  type  of  liquid  cooling  for  at  least 
some  high-density  racks. 

IBM’s  Schmidt  says  data  centers  with 
room-based  cooling  —  especially  those  that 
have  moved  to  larger  air  handlers  to  cope  with 
higher  heat  densities  —  could  save  considerable 
energy  by  moving  to  liquid  cooling. 

But  Microsoft’s  Belady  thinks  liquid’s  appeal 
will  be  limited  to  a  single  niche:  high-performance  computing. 
“Once  you  bring  liquid  cooling  to  the  chip,  costs  start  going  up,”  he 
contends.  “Sooner  or  later,  someone  is  going  to  ask  the  question: 
Why  am  I  paying  so  much  more  for  this  approach?” 

The  best  way  to  take  the  momentum  away  from  ever-increasing 
power  density  is  to  change  the  chargeback  method  for  data  center 
use,  says  Belady.  Microsoft  changed  its  cost  allocation  strategy 
and  started  billing  users  based  on  power  consumption  as  a  portion 
of  the  total  power  footprint  of  the  data  center,  rather  than  basing 
it  on  floor  space  and  rack  utilization.  After  that,  he  says,  “the 
whole  discussion  changed  overnight.”  Power  consumption  per 
rack  started  to  dip.  “The  whole  density  thing  gets  less  interesting 
when  your  costs  are  allocated  based  on  power  consumed,”  he  says. 

Once  Microsoft  began  charging  for  power,  its  users’  focus 
changed  from  getting  the  most  processing  power  in  the  smallest 
possible  space  to  getting  the  most  performance  per  watt.  That 
may  or  may  not  lead  to  higher-density  choices  —  it  depends  on 
the  overall  energy  efficiency  of  the  proposed  solutions.  On  the 
other  hand,  Belady  says,  “if  you’re  charging  for  space,  the  motiva¬ 
tion  is  100%  about  density.” 

Today,  vendors  design  for  the  highest  density,  and  users  are 
often  willing  to  pay  more  for  a  higher-density  server  infrastruc¬ 
ture  to  save  on  floor  space  charges,  even  when  performance  per 
watt  is  lower  because  of  added  power  distribution  and  cooling 
needs.  But  on  the  back  end,  80%  of  operating  costs  scale  with 
electricity  use  —  and  the  electromechanical  infrastructure 
needed  to  deliver  power  and  cool  the  equipment. 

Belady,  who  previously  worked  on  server  designs  as  a  distin¬ 
guished  engineer  at  HP,  argues  that  IT  equipment  should  be  de¬ 
signed  to  work  reliably  at  higher  operating  temperatures.  Current 
equipment  is  designed  to  operate  at  a  maximum  temperature  of 


81  degrees.  That’s  up  from  2004,  when  the 
official  specification,  set  by  the  ASHRAE 
(American  Society  of  Heating,  Refriger¬ 
ating  and  Air-Conditioning  Engineers) 
Technical  Committee  9.9,  was  72  degrees. 

But  Belady  says  running  data  center 
gear  even  hotter  than  81  degrees  could 
result  in  enormous  efficiency  gains. 

“Once  you  start  going  to  higher  tem¬ 
peratures,  you  open  up  new  opportunities 
to  use  outside  air  and  you  can  eliminate 
a  lot  of  the  chillers,  but  you  can’t  go  as 
dense,”  he  says.  Data  centers  in  some  parts 
of  the  country  already  turn  off  chillers  in 
the  winter  and  use  economizers,  which 
use  outside  air  and  air-to-air  or  air-to-water 
heat  exchangers  to  provide  “free  cooling.” 
If  IT  equipment  could  operate  at  95 
degrees,  most  data  centers  in  the  U.S.  could  be 
cooled  with  air-side  economizers  almost  year- 
round,  Belady  argues.  And,  he  adds,  “if  I  could 
operate  at  120  degrees,  I  could  run  anywhere 
in  the  world  with  no  air  conditioning  require¬ 
ments.  That  would  completely  change  the 
game.”  Unfortunately,  there  are  a  few  road¬ 
blocks  to  getting  there.  (See  story  on  page  30.) 

Belady  wants  equipment  to  be  tougher,  but 
he  also  thinks  servers  are  more  resilient  than 
most  administrators  realize.  He  believes  that  the  industry  needs 
to  rethink  the  highly  controlled  environments  that  host  distrib¬ 
uted  computing  systems  today. 

The  ideal  strategy,  Belady  says,  is  to  develop  systems  that  op¬ 
timize  each  rack  for  a  specific  power  density  and  manage  work¬ 
loads  to  ensure  that  each  cabinet  hits  that  number  all  the  time. 

In  this  way,  both  power  and  cooling  resources  would  be  used 
efficiently,  with  no  waste  from  under-  or  overutilization.  “If  you 
don’t  utilize  your  infrastructure,  that’s  actually  a  bigger  problem 
from  a  sustainability  standpoint  than  overutilization,”  he  says. 

What’s  Next 

Belady  sees  a  bifurcation  coming  in  the  market.  High-performance 
computing  will  go  to  liquid  cooling,  while  the  rest  of  the  enter¬ 
prise  data  center  —  and  Internet-based  data  centers  like 
Microsoft’s  —  will  stay  with  air  but  move  to  locations  where 
space  and  power  costs  are  cheaper  so  they  can  scale  out. 

Paul  Prince,  chief  technology  officer  of  the  enterprise  product 
group  at  Dell  Inc.,  doesn’t  think  most  data  centers  will  hit  the 
power-density  wall  anytime  soon.  The  average  power  density  per 
rack  is  still  manageable  with  room  air,  and  he  says  hot  aisle/cold 
aisle  designs  and  containment  systems  that  create  “superaggres- 
sive  cooling  zones”  will  help  data  centers  keep  up.  Yes,  densities 
will  continue  their  gradual  upward  arc.  But,  he  says,  it  will  be 
incremental.  “I  don’t  see  it  falling  off  a  cliff.” 

At  ILM,  Clark  sees  a  move  to  liquid,  in  the  form  of  closely 
coupled  cooling,  as  inevitable.  Clark  admits  that  he  and  most  of 
his  peers  are  uncomfortable  with  the  idea  of  bringing  liquid  into 
data  centers.  But  he  thinks  that  high-performance  facilities  will 
have  to  adapt.  We’re  going  to  get  pushed  out  of  our  comfort  zone,” 
Clark  says.  “But  we’re  going  to  get  over  that  pretty  quickly.”  ♦ 


We're  beyond  the 
point  where  more 
density  is  better.  The 
minute  you  double 
compute  density,  you 
double  the  footprint 
in  the  back  room. 

CHRISTIAN  BELADY,  LEAD 
INFRASTRUCTURE  ARCHITECT,  MICROSOFT 
CORP.  GLOBAL  FOUNDATION  SERVICES 


32  COMPUTERWORLD  JUNE  7,  2010 


The  ultimate  in  server  technology,  our  powerful  new  hardware 
class  is  the  perfect  solution  for  running  your  resource-intensive 
applications. 


ims 

pi 

ill 

1&1®  Hexa-Core  Servers  -  using  the  latest  generation  of  AMD  six-core  processors: 


Starting  at 


✓  2  x  Six-Core  AMD  Opteron™ 

2423  HE  Processor 

✓  Up  to  32  GB  memory 
l/  Up  to  2  TB  of  usable  disk  space  with  RAID  5 

✓  Energy  efficient,  AMD-P  technology 


More  server  offers  are  available  online.  Visit  our  website  for  details. 


‘Offer  valid  through  June  30,  2010. 12  month  minimum  contract  term  and  setup  fee  apply.  Visitwww.1and1.com  for  full  promotional  offer  details.  Program  and 
pricing  specifications  and  availability  subject  to  change  without  notice.  1  &1  and  the  1  &1  logo  are  the  trademarks  of  1  &1  Internet  AG,  all  other  trademarks  are  the 
property  of  their  respective  owners.  ©201 0  Internet,  Inc.  All  rights  reserved. 


Quick 

^STUDY 


Flash  Memory 

Get  up  to  speed  on  the  storage 
technology  inside  memory  cards, 
smartphones,  USB  sticks  and  the  new 
solid-state  drives.  By  Russell  Kay 


F 


LASH  MEMORY  is  inside  your  smartphone, 
GPS,  MP3  player,  digital  camera,  PC  and 
the  USB  drive  on  your  key  chain.  Solid-state 
drives  (SSD)  using  flash  memory  are  replacing 
hard  drives  in  netbooks  and  PCs  and  even  some  server 
installations.  Needing  no  batteries  or  other  power  to 
retain  data,  flash  is  convenient  and  relatively  foolproof. 

As  with  other  solid-state  technologies,  flash  memo¬ 
ry’s  history  includes  rapidly  increasing  capacity,  ever- 
smaller  physical  sizes  and  continually  falling  prices. 

Flash  memory  is  a  type  of  electronically  erasable 
programmable  read-only  memory  (EEPROM),  memory 
chips  that  retain  information  without  requiring  power. 
(This  is  different  from  flash  RAM,  which  does  need 
power  to  retain  data.)  Regular  EEPROM  erases  content 
byte  by  byte;  most  flash  memory  erases  data  in  whole 
blocks,  making  it  suitable  for  use  with  applications 
where  large  amounts  of  data  require  frequent  updates. 
Inside  the  flash  chip,  data  is  stored  in  cells  protected 
by  floating  gates.  Tunneling  electrons  change  the  gate’s 
electronic  charge  in 
“a  flash”  (hence  the 
name),  clearing  the 
cell  of  its  contents  so 
it  can  be  rewritten. 

Flash  memory 
devices  use  two  differ¬ 
ent  logical  technologies 
—  NOR  and  NAND  — 
to  map  data.  NOR  flash 
provides  high-speed 
random  access,  reading 
and  writing  data  in 
specific  memory  loca¬ 
tions;  it  can  retrieve  as 
little  as  a  single  byte. 

NOR  is  used  to  store 
cell  phones’  operat¬ 


ing  systems;  it’s  also  used  in  computers  for  the  BIOS 
program  that  runs  at  start-up. 

NAND  flash  reads  and  writes  sequentially  at  high  speed, 
handling  data  in  small  blocks  called  pages.  This  flash  is 
used  in  solid-state  and  USB  flash  drives,  digital  cameras, 
audio  and  video  players,  and  TV  set-top  boxes.  NAND 
flash  reads  faster  than  it  writes,  quickly  transferring  whole 
pages  of  data.  Less  expensive  than  NOR  flash,  NAND 
technology  offers  higher  capacity  for  the  same-size  silicon. 

As  a  NAND  chip  wears  out,  erase/program  opera¬ 
tions  slow  down  considerably,  causing  more  retries  and 
bad  block  remapping.  Moving  many  small  files  could 
further  degrade  transfer  rates.  Catastrophic  failure 
happens  only  with  extended  use  (after  thousands  of 
writes  and  accesses);  periodic  backup  and  replacement 
forestall  this  problem. 

Flash  Applications 

USB  drives:  Introduced  in  2002,  USB  drives  encapsu¬ 
late  flash  with  a  memory  controller  in  a  small  package 
offering  high  capacity,  fast  transfer  rates,  flexibility  and 
convenience;  some  feature  built-in  hardware  encryp¬ 
tion  and  password  protection.  Compared  with  floppy 
or  optical  drives,  USB  flash  drives  store  more  data  and 
provide  easy  file  transfer  between  most  devices  with  a 
USB  interface. 

In  December  2004,  Computer-world  described  a  2GB 
flash  drive  that  cost  more  than  $400;  nowadays,  2GB 
devices  can  commonly  be  found  for  under  $10.  This 
February,  Kingston  Technology  Corp.  announced  U.S. 
availability  of  a  256GB  flash  drive  —  the  biggest  yet  — 
for  $1,100. 

Memory  cards:  These  have  evolved  from  the  match¬ 
book-size  CompactFlash  cards  introduced  in  1994 
through  2001’s  postage-stamp-size  Secure  Digital  cards 
to  the  latest  miniSD  and  microSD  cards,  with  higher 
capacities  and  faster  transfer  speeds  at  every  step. 

Solid-state  drives:  The  newest  flash  memory  applica¬ 
tion,  SSDs  can  replace  a  computer’s  hard  drive.  They 
have  no  moving  parts,  so  mechanical  failure  is  near 
zero.  Solid-state  drives  are  quieter  and  smaller  than 
hard  drives,  and  they  provide  faster  response,  access  and 

boot-up  times  but  consume  much  less  power  and 
run  cooler.  Traditional  hard  drives  currently  offer 
greater  capacity  and  a  lower  price,  but  this  will  likely 
change.  Early  concerns  that  flash 
memory’s  finite  number  of  erase/ 
write  cycles  would  be  a  problem 
are  abating  as  warranties  for 
flash-based  SSDs  approach 
those  of  hard  drives.  ♦ 

Kay  is  a  Computerworld 
contributing  writer  in  Worces¬ 
ter,  Mass.  Contact  him  at 
russkay@charter.net. 

©  WANT  MORE? 

For  a  complete  archive 
of  QuickStudies,  go 

to  computerworld. 
com/quickstudies. 


34  COMPUTERWORLD  JUNE  7,  2010 


T *****  *  f«<Xron 
o*s!  tjw j(M  mlrecte  -  sa  m 
iov«  canto#  r'  or  p3trenii» 
c*nt«r  are  axetassaS  mwa 
-oic«  Wo  fourth  this  to  t» 
i  i  an^uaca  {r«J«p**H&stt 
[  Ow  IS y*ar* o? mearch  has 
|  :  hown  76  •  S3**  aocxsaf  _ 


J=  BnV»«s 

,>MI  ’an;V  i^iiiim- 


■^v  ' 

■■■ 


■■ 
’  MB. 


DEMO  m}£ 


Congratulations  to 

eXaudios  Maglnify  Call  Center 

Winner  of  the  DEMO  $  1  Million 
People's  Choice  Media  Prize 


eXaudios  developed  capabilities  to  understand  people's  emotions  through  their  voice 
in  real  time  as  they  speak.  Launching  at  DEMO,  this  revolutionary  new  product  is  designed 
for  call  centers  and  can  mitigate  escalations,  identify  fraudulent  situations,  provide  "how-to" 
recommendations,  and  monitor  performance  by  management. 


Watch  their  award-winning  product  launch  at: 

www.demo.com/ event/ demospring20 1 0/ winner 


www.exaudios.com 


DEMO 


Up  Next:  DEMO  Fall,  2010  -  Septem  ber  13-15,  Hyatt  Regency  Silicon  Valley. 
For  complete  information  and  to  register,  go  to  www.demo.com 


cmpuibmu  cso  DEMO  irtfoWorid  Macworld  networkworld 


Participating  media 
prize  companies  are: 


CIO 


PC  World 


It  All  Comes  Down  to  Patching 

You  may  have  an  extremely  sophisticated  security  program 
in  place,  but  it’s  all  for  naught  without  patch  management. 


Does  it  all  come  down 

to  patch  management? 

As  a  security  manager,  I 
pursue  many  initiatives,  striv¬ 
ing  to  protect  the  company 
on  many  fronts.  But  patch  management 
is  a  key  metric  of  our  risk  exposure,  since 
there  is  a  direct  correlation  between 
security  incidents  and  patch  compliance. 
So,  in  a  way,  it  does  all  come  down  to 
something  as  basic  as  patch  manage¬ 
ment,  because  if  we  fail  there, 
we  can’t  be  secure. 

Of  course  we  have  a 
patch  management  policy, 
but  I’ve  been  frustrated  in 
trying  to  get  our  various 
IT  and  engineering 
departments  to  comply 
with  it. 

I’m  not  even  talking  about  the  impos¬ 
sibility  of  patching  the  control  PCs  that 
are  connected  to  tools  running  in  our 
labs  and  our  engineering  departments. 
There,  we  need  to  maintain  older  ver¬ 
sions  of  operating  systems  to  support 
legacy  products.  We  can’t  keep  those 
patched,  and  I  accept  that. 

Instead,  I’m  talking  about  things  like 
the  deployment  of  new  virtual  servers. 
When  we  first  talked  about  implement¬ 


ing  virtualization,  it  was  agreed  that  we 
would  keep  on  top  of  the  security  patches 
for  the  images  used  to  deploy  new  virtual 
servers.  At  first  that  process  was  followed, 
but  it’s  very  easy  to  bypass  the  formal 
change-control  process  when  deploying 
new  servers,  and  as  time  went  by,  I  started 
noticing  that  some  virtual  servers  didn’t 
have  the  latest  patches. 

A  year  ago,  when  the  patch  process 
was  running  smoothly  (the  honeymoon 
phase),  I  authorized  the  disabling  of 
Windows  Update  so  that  we  could  use 
Microsoft  System 
Center  Configuration 
Manager  to  handle 
updates.  It  seemed  like  a 
reasonable  response  to  a 
big  problem:  Some  PCs 
didn’t  operate  properly  after  the  automatic 
downloads.  Better  to  disable  the  auto¬ 
matic  updates  in  favor  of  a  testing  and 
validation  process.  That  way,  we  could 
push  out  patches  only  when  we  were  sure 
that  potential  problems  had  been  miti¬ 
gated.  That  led  to  a  new  problem,  though: 
It  could  take  weeks,  if  not  a  month,  to 
deploy  patches  that  had  to  be  tested  and 
validated  first;  so  much  for  timely  patch¬ 
ing.  As  you  would  expect,  the  delays  led  to 
an  increase  in  security  incidents. 


the  discussions  about 
security!  computerworld. 
com/blogs/security 


It  can  take  weeks  to  deploy  patches  that 
have  to  he  tested  and  validated  first. 


vv  Patching  is 

//  the  very  basis  of  good 
security  practice,  but  some 
frustrations  with  patch 
management  remain. 


vv  Never 

//  let  up,  and  continually 
find  new  ways  to  ensure 
compliance. 


But  we  could  institute  some  compen¬ 
sating  controls.  I  told  the  IT  department 
to  identify  the  IP  addresses  or  machine 
names  of  PCs  that  weren’t  patched  prop¬ 
erly  and  add  them  to  watch  lists  for  our 
intrusion-detection  sensors  to  monitor. 
And  because  we  don’t  have  full  IDS  cov¬ 
erage,  I  also  ordered  the  installation  of  a 
host-based  intrusion-detection  agent.  I’m 
also  talking  to  our  network  team  about 
creating  a  separate  quarantine  virtual 
LAN  with  appropriate  firewall  rules  to 
protect  our  main  corporate  environ¬ 
ment  from  attacks  targeting  vulnerable 
servers. 

Get  the  NAC 

But  even  with  these  new  policies  in 
place,  along  with  our  Web  content 
filtering,  firewalls  and  network  monitor¬ 
ing  infrastructure,  we  still  have  a  big 
problem:  We  have  no  control  over  the 
connection  of  unauthorized  devices  to 
our  network.  Anyone  at  all  can  connect 
any  sort  of  device  to  our  network  —  and 
then  introduce  malware  or  steal  intel¬ 
lectual  property. 

My  great  hope  is  that  we  can  imple¬ 
ment  network  access  control  someday 
soon.  NAC  would  enable  us  to  guaran¬ 
tee  the  configuration  of  any  device  that 
attempted  to  connect  to  our  network 
(preadmission  NAC).  It  would  also 
establish  the  identity  of  the  user  of  that 
device  and  control  which  resources 
that  device  could  access  (postadmission 
NAC).  NAC  is  on  my  road  map,  but  un¬ 
fortunately,  there’s  no  funding  available 
at  this  time.  For  now,  it  is  the  Nirvana  I 
aspire  to.  ♦ 

This  week’s  journal  is  written  by  a  real 
security  manager,  “Mathias  Thurman,” 
whose  name  and  employer  have  been  disguised 
for  obvious  reasons.  Contact  him  at  mathias_ 
thurman@yahoo.com. 


COMPUTERWCRILD  JUNE  7,  2010 


>!lpy 


size 

How  much  new  hardware  did  we  buy? 


Director  of  Technology 

Todd  Sian 

Total  Wine  &  More 


mu 

iSSlI 


To  read  the  full  case  study,  visit  itseverybodysbusiness.com/save 


— —  -  \ 


To  download  the  case  study, 
snap  this  tag  or  text  SAVE  to  21710* 


Get  the  free  app  for  your  phone  at 
http://gettag.mobs 

*Standard  messaging  and  dat  ■;  changes  apply. 


Call  Center  Overuse  Is  a 
Hidden  Price  of  Cost-Cutting 


Think  twice 
before  you 
cut  your 
product 
documen¬ 
tation  and 
training 
budgets. 


Bart  Perkins  is 

managing  partner  at 
Louisville,  Ky.-based 
Leverage  Partners 
Inc.,  which  helps 
organizations  invest 
well  in  IT.  Contact 
him  at  BartPerkinsd) 
LeveragePartners.com. 


LEVS  TALK  ABOUT  false  economy  —  in  particular,  the  false  economy 
of  cutting  or  eliminating  product  documentation  and  training  bud¬ 
gets.  When  times  are  hard  and  budgets  have  to  be  slashed,  the  line 
items  for  documentation  and  training  can  look  like  fat,  easy  targets. 


Yet  cuts  in  those  areas  actually  increase  internal 
costs,  and  they  can  frustrate  external  customers 
in  ways  that  are  expensive  for  the  company. 

Internally,  cutting  off  the  source  of  information 
forces  staff  to  learn  new  systems  through  trial  and 
error,  or  by  asking  colleagues.  This  wastes  every¬ 
one’s  time  and  causes  unnecessary  frustration. 

Less  obvious  are  the  effects  that  result  from 
your  external  customers’  encounters  with  your 
documentation  and  training  cuts.  Your  customers 
are  accustomed  to  user-friendly  products  like  the 
iPod,  which  is  so  intuitive  that  training  and  docu¬ 
mentation  are  virtually  unnecessary.  Faced  with  a 
complex  product  that  requires  technical  assistance, 
customers  expect  easy-to-locate  educational  videos 
on  the  Web,  supported  by  additional  product  in¬ 
formation.  Take  all  that  away,  and  frustrated  cus¬ 
tomers  are  likely  to  call  instead,  looking  to  speak 
directly  with  someone  at  your  company.  Some  are 
sure  to  look  into  competitors’  products  if  they  feel 
that  you’re  not  providing  reasonable  support. 

A  few  thousand  frustrated  customers  can  have  a 
big  impact  on  your  call  center,  leading  to  problems 
like  these: 

■  Higher  call  volumes.  Call  centers  are 
designed  to  handle  large  numbers  of  routine  ques¬ 
tions,  not  general  product  education.  And  calls  for 
information  that  should  exist  elsewhere  increase 
call  center  volumes  to  unpredictable  levels. 

■  Improper  call  handling.  Call  center  staffers 
are  trained  to  respond  to  specific  types  of  problems, 
following  an  established  set  of  diagnostic  questions 
to  ensure  that  those  problems  are  addressed  prop¬ 
erly  and  efficiently.  Calls  for  which  there  are  no 


prepared  responses  can  fluster  staffers,  and  callers 
may  receive  inaccurate  information,  be  passed  from 
person  to  person  or,  worst  of  all,  never  obtain  the 
information  they  were  seeking. 

■  Inaccurate  metrics.  Most  call  centers 
measure  such  things  as  wait  time,  talk  time  and 
call  abandon  rate.  Those  metrics  will  be  distorted 
for  a  call  center  deluged  with  questions  that  staff¬ 
ers  weren’t  trained  to  handle.  The  simple  act  of 
transferring  a  call  in  the  hope  of  finding  someone 
who  can  answer  a  question  can  greatly  prolong  the 
call.  And  if  you  know  that  your  call  center  is  getting 
hit  with  more  information-seeking  calls  and  yet 
call  times  haven’t  increased  very  much,  it  could 
be  a  sign  that  things  are  even  worse:  If  call  center 
compensation  is  directly  linked  to  talk  time,  some 
staffers  might  be  dropping  difficult  calls  or  invent¬ 
ing  answers  just  to  close  calls  quickly.  That’s  likely 
to  turn  frustrated  customers  into  angry  ones. 

■  Inefficient  use  of  costly  resources.  Whereas 
good  documentation  and  training  deliver  con¬ 
sistent  information  for  a  finite  cost,  call  centers 
are  one  of  the  least  efficient  ways  to  help  people 
learn  to  use  a  product.  What’s  more,  accuracy  of 
information  is  dependent  on  the  knowledge  level 
of  the  particular  person  answering  the  call.  And 
inaccurate  information  may  result  in  repeat  calls. 

■  Unhappy  customers.  Customer  frustration 
often  results  in  customer  loss.  Enough  said. 

In  the  end,  budget  cuts  for  documentation  and 
training  merely  shift  costs  to  another  department. 
Managers  have  been  trained  to  calculate  TCO  for  IT 
products.  They  need  to  similarly  calculate  the  TCS 
—  total  cost  of  support  —  for  their  own  products.  ♦ 


38  COMPUTERWORLD  JUNE  7,  2010 


MARKETPLACE 


"Bottom  line:  dtSearch  manages  a  terabyte  of  text  in  a  single  index 
and  returns  results  in  less  than  a  second"  —  InfoWorld 

dtSearch  "covers  all  data  sources  ...  powerful  Web-based  engines" 

—  eWEEK 

"Lightning  fast ...  performance  was  unmatched  by  any  other  product" 

—  Redmond  Magazine 

For  hundreds  more  reviews,  and  hundreds  of  developer 
case  studies,  see  www.dtSearch.com 

1-800-IT-FINDS  •  www.dtSearch.com 

The  Smart  Choice  for  Text  Retrieval®  since  1991 


dtSearch"  Instantly  Search  Terabytes  of  Text 


Instantly  Search 
Terabytes  of  Text 


♦  25+  full-text  and  fielded  data  search  options 

♦  Built-in  file  parsers  and  converters  highlight  hits  in  popular  file  types 

♦  Spider  supports  static  and  dynamic  web  data;  highlights  hits  with 
links,  formatting  and  images  intact 

♦  API  supports  C++,  .NET,  Java,  SQL,  etc.  .NET  Spider  API. 

Includes  64-bit  (Win/Linux) 

♦  Fully-functional  evaluations  available 

Content  extraction  only  licenses  also  available 


Personalized  IT  newsletters 
from  Tech  Dispenser. 

You  pick  the  topics. 

You  pick  the  sources. 

You  pick  the  frequency. 

Build  your  own  newsletter  featuring  your  favorite 
technology  topics  —  cloud  computing,  application 
development,  security  —  over  200  timely  topics, 
from  more  than  700  trusted  sources. 

Get  started  today.  It's  free. 
www.techdispenser.com 

TECH  Q  DISPENSER 

Disturbingly  personal  newsletters  . 


JUNE  7,  2010  COMPUTERWORLD  39 


Q&A 

David  Foote 

The  CEO  of  IT  workforce  analyst  firm 

Foote  Partners  LLC  explains 
why  high  volatility  in  the  IT  labor 
ana  skills  markets  will  remain 
long  after  the  economy  recovers. 

First  of  all,  how  are  you  defining  and 
measuring  volatility?  Pay  and  demand 
for  IT  skills  at  more  than  2,000  employ¬ 
ers  in  North  America  that  participate  in 
our  research.  We’ve  built  several  statisti¬ 
cal  gauges  for  examining  trends  in  each. 
The  IT  Skills  and  Certifications  Pay  Index 
surveys  pay  premiums  earned  by  23,000 
IT  professionals  for  438  individual  techni¬ 
cal  and  business  skills,  both  certified  and 
noncertified.  Our  IT  Skills  Volatility  Index 
tells  us  what  percentage  of  these  skills  are  changing  in  market  value, 
either  up  or  down.  We  also  survey  salaries  for  nearly  100,000  IT  workers 
and  a  few  hundred  job  titles.  All  of  these  are  updated  continuously,  but 
we  tend  to  analyze  labor  market  trends  in  three-month  increments  and 
have  been  doing  so  since  1998.  We  also  stay  in  regular  contact  with  sev¬ 
eral  hundred  IT  executives,  who  provide  us  with  deep-dive  perspective 
that  the  data  itself  cannot. 


What  have  you  been  finding?  Quarter-by-quarter  skills  volatility  has 
been  in  the  29%  to  39%  range  in  the  past  year  and  a  half.  From  2005  to 
2008,  it  averaged  only  half  of  that.  This  index  has  been  swinging  back 
and  forth  by  as  much  as  10  points  over  periods  as  short  as  three  months, 
which  is  unprecedented.  As  for  the  market  values  themselves,  noncerti¬ 
fied  skills  have  shown  overall  gains  in  two  straight  quarters,  while  aver¬ 
age  certification  pay  has  been  on  a  steady  decline  for  four  years  straight. 
But  as  you  dig  deeper  into  each  skill  category,  consistency  is  very  hard 
to  find.  The  truth  is  that  IT  employment  and  salaries  have  been  stabiliz¬ 
ing,  but  pay  and  demand  for  specific  skills  and  specialized  talent  remain 
highly  volatile  and  unpredictable.  There  are  clearly  other  factors  than  the 
recession  at  work  here. 

Like  what,  for  instance?  An  almost  seismic  shifting  to  new  IT  service 
delivery  and  sourcing  models,  for  one  thing.  CIOs  have  been  struggling 
with  this  for  years,  under  pressure  from  their  business  counterparts  to 
become  more  agile  and  flexible,  react  faster  and  execute  more  quickly  - 
to  rise  to  the  challenge  of  becoming  a  business  impact  player.  But  there’s 
risk  involved  in  organizational  and  staffing  change  of  this  magnitude, 
and  it’s  not  easy.  In  better  times,  the  general  attitude  for  many  was, 

“Why  stick  my  neck  out?”  So  instead,  they’d  just  sort  of  rearrange  the 
furniture.  What  the  downturn  has  done  is  get  IT  managers  “unstuck"  and 
motivated.  For  some,  it  is  career  opportunism.  For  the  rest,  it’s  survival: 
fear  of  losing  their  jobs  if  they  don’t  take  advantage  of  a  rare  window  of 
opportunity  to  start  blasting  away  at  traditional  IT  staffing  models. 

What  are  these  new  models?  Think  skills  acquisition,  not  jobs  acquisi¬ 
tion.  Managed  services,  cloud  computing,  SaaS,  PaaS,  laaS.  Contractors 
and  consultants,  not  full-time  hires.  Adaptive,  iterative  execution,  not 
bloated,  stagnating  project  portfolios.  High-performance  teaming,  not  re¬ 
liance  on  the  same  exhausted  IT  superstar  performers  to  get  the  job  done 
time  and  again.  Being  great  at  operational  stuff  but  having  more  impact 
in  product  development,  ideas,  innovation  and  strategic  areas  that  will 
help  businesses  survive  and  thrive  in  a  brutally  competitive,  fast-moving 
global  marketplace.  There  is  progress  being  made  out  there  right  now  by 
some  courageous  but  very  nervous  IT  executives  trying  to  engineer  this 
transition.  It’s  causing  higher  volatility  in  pay  and  demand  for  skills  and 
people  as  the  natural  condition  of  a  transforming  workforce.  This  is  the 
new  standard  in  market  behavior  for  years  -  not  months  -  to  come. 

There’s  no  turning  back?  We  will  never  return  to  the  sort  of  labor  mar¬ 
ketplace  for  IT  professionals  that  existed  before  2008.  But  that’s  a  good 
thing.  Business  leaders  know  that  it’s  not  technology  per  se  but  the  abil¬ 
ity  to  use  it  wisely  that  counts.  They  desperately  need  to  get  to  the  other 
side  of  this  IT  transformation  as  quickly  as  possible  and  get  more  of  these 
business-technology  hybrids  into  the  game. 


JAMIE  ECKLE 


IT  Skills 
Volatility  Index 

Companies  were  asked  what  percentage  of 
IT  skills  and  certifications  had  changed  in 
market  value  from  the  preceding  period. 


SOURCE:  FOOTE  PARTNERS  LLC.  IT  SKILLS  AND 
CERTIFICATIONS  PAY  INDEX,  2005  TO  2010 
QUARTERLY  EDITIONS 


2005  2006  2007  2008  First  half  Q3  2009  Q4  2009  Q12010 

2009 


^0  COMPUTERWORLD  JUNE  7,  2010 


IT 


careers 


Hevar  Systems  seeks 
Programmer  Analysts  to  Develop 
new  and  existing  applications, 
using  software  tools  and  pro¬ 
grams  and  write  specifications; 
Technical  Skills  needed:  C,  C++, 
UNIX,  Java,  J2EE,  Web  sphere 
Portal,  TIBCO,  Stellent,  Flex  MQ 
Series,  AMISYS,  Oracle  Clinical, 
Oracle  Data  Integrator  (ODI),  PL/ 
SQL,  Oracle  Forms/Reports. 
Requirement:  Masteris  or 

Bacheloris  in  Computer  Science, 
MIS  or  Engineering  with 
Experience  as  an  Analyst/ 
Software  Engineer.  Send 
Resumes  to  Attn:  HR,  1333 
Corporate  drive,  Suite  102, 
Irving,  TX  75038. _ 


COMPUTERWORLD 

Law  Firms 
IT  Consultants 
Staffing 
Agencies 


Nokia  Inc.  has  the  following  exp / 
degreed  positions  in  San  Diego, 
CA 

Specialist,  SW  Integration:  Exp. 
involving  embedded  software 
development/integration  to 
include  C++  &  object  oriented 
deign;  Symbian  OS/S60  & 
related  software  build  tools  & 
processes  &  software  tracing  & 
debugging  to  include  Symbian, 
Lauterbach  SW  debugger  or 
Carbide;  knowledge/exp.  with 
SW  configuration  mgmt.  tools 
such  as  CM/Synergy.  [Job  ID: 
NOK-IOCA-SSI] 

Acoustic  Engineer:  Exp.  in  cel¬ 
lular  audio  acoustics  engineering 
to  include  audio  acoustic  design 
(capable  of  designing  the  ear¬ 
piece,  IHF,  &  Mic  acoustics); 
audio  SW  tuning  to  involve 
understanding  the  Gains  settings 
of  the  earpiece,  IHF,  Mic,  head¬ 
set,  HAC  T3,  TTY  &  subjective 
evaluation  on  the  tuning;  HW 
testing  with  understanding  of 
baseband  circuitry  &  designing 
baseband  &  verification  &  other 
skill  sets  required  for  position. 
[Job  ID:  10CA-AE] 

Mail  resume  to:  Attn:  Nokia 
Recruiter,  3575  Lone  Star  Circle, 
Ste.  434,  Ft.  Worth,  TX  76177  & 
note  Job  ID. 


Are  you 
frequently 
placing  legal  or 
immigration 
advertisements? 


Let  us 
help  you 
put  together 
a  cost  effective 
program  that 
will  make  this 
time-consuming 
task  a  little 
easier. 


Contact  us  at; 

800.762.2977 


it  careers 


Nokia  Inc.  has  the  following  exp / 
degreed  positions  in  San  Diego, 
CA 

Mechanical  Engineer:  Knowledge 
of  3D  CAD  &  2D  CAD  (basic 
drawing  &  tolerance  analysis  to 
include  understanding  of  Cpk  & 
Cp;  drawing  skills  to  include 
understanding  of  GD&T  as  well 
as  identifying  datum  features 
properly;  3D  CAD  skills  must 
include  parametric  model  crea¬ 
tion  &  proper  modeling  structure 
demonstrated);  strength  of  mate¬ 
rials  to  include:  Polycarbonate 
based  plastic  resin  strengths  & 
weaknesses;  Nylon  based  plastic 
resin  strengths  &  weaknesses  & 
other  skill  sets  required  for  posi¬ 
tion.  [Job  ID:  NOK-IOCA-ME] 

Mail  resume  to:  Attn:  Nokia 
Recruiter,  3575  Lone  Star  Circle, 
Ste.  434,  Ft.  Worth,  TX  76177. 


With  35  branch  offices  located 
across  the  US,  COMSYS  is 
actively  recruiting  for  the  follow¬ 
ing  positions. 

Programmer  Analyst-  metro 
Baltimore  MD-  Code  #  BA100 
Database  Administrator-  metro 
Houston,  TX-  Code  #  HOI 60 
QQA-  metro  Sacramento,  CA- 
Code  #  SA110 

Programmer  Analyst-  metro 
Warren,  NJ-  Code  #  WA200 
Programmer  Analyst  -  metro 
Richmond,  VA-  Code  #  RI200 
Roving  employment  to  varying 
jobsites  throughout  the  US. 
Please  refer  to  appropriate  job 
code  when  submitting  resume  to: 
COMSYS,  Attn.  Nancy  Theriault, 
15455  N.  Dallas  Pkwy.,  Ste  300, 
Addison,  TX  75001.  EOE./MF/DV 


IT  Opportunities 

Due  to  rapid  growth,  we  have  the  following  positions  available: 

Programmer  Analyst:  Analyze,  design,  develop,  code,  test  and  maintain 
database  management  systems.  Must  have  at  least  a  Bachelor’s  degree  and  3+ 
years  of  experience  and  the  ability  to  use  Mainframe,  DBA,  AS400  and  Client- 
Server  Tools. 

Project  Managers/Leaders:  Lead  a  team  of  programmer  analysts  and 
database  administrators  on  development  and  maintenance  of  hardware  and 
software  applications  as  well  as  be  responsible  for  project  planning  and  quality 
assurance.  Must  have  a  Bachelor’s  degree  and  5+  years  of  experience  and  the 
ability  to  use  Mainframe,  DBA,  AS400  and  Client-Server  Tools. 

Business  Development  Managers/Directors:  Manage  sales  activities 
and  achieve  sales  quota  for  assigned  territory.  Help  Syntel’s  sales  leadership  in 
planning  and  rolling  out  an  inside  sales  strategy.  Must  have  a  Bachelor’s  degree 
and  3+  years  of  experience. 

All  positions  are  located  throughout  the  U.S.  and  travel  is 
usually  required. 

Above  positions  commonly  require  any  of  the  following  skill  sets: 

Mainframe:  IMS  DM/DC  or  DB2,  MVS/ESA,  COBOL,  CICS,  Focus,  IDMS 
or  SAS. 

DBA:  ORACLE  or  SYBASE  DB2,  UDB 

Client-Server/WEB:  Ab-initio  •  Oracle  Applications  &  Tools  •  Websphere 

•  Lotus  Notes  Developer  •  VB,  Com/Dcom,  Active  X  •  Web  Architects  •  UNIX, 
C,  C++,  Visual  C++,  C#.NET,  ASP.NET,  VB.NET  •  SAP/R3,  ABAP/4  or  FICO  or 
MM  &  SD  •  IEF  •  Datawarehousing  and  ETL  tools  •  WiNT  •  Oracle  Developer 
or  Designer  2000  •  JAVA,  HTML,  J2EE,  EJB  •  RDBMS  •  PeopleSoft 

•  PowerBuilder  •  Web  Commerce 

AS400:  RPG,  ILE,  Coolplex 

Please  forward  your  cover  letter  and  resume 
to:  Syntel,  Attn:  Recruitment  Manager 
525  E.  Big  Beaver,  Ste.  300 
Troy,  Ml  48083 

E-mail:  syntel_usads@syntelinc.com  EOE 


5VN*irSL 

iwww.syntelinc.com 


Sr.  Applications  Developer 
needed  in  NJ,  TX  &  other  unan¬ 
ticipated  client  sites  w /  exp 
using  C#,  ASP.NET  &  VB.NET. 
Mail  resume  to:  Collabera,  Attn: 
Hireme,  25  Airport  Rd, 
Morristown,  NJ  07960. 


Project  Managers  needed  to 
architect,  dsgn,  code  &  test  si 
ware  while  managing  teams  to 
deliver  solutions.  Involved  in  pre¬ 
sales  process,  client  meetings, 
proposal  dvlpmt,  project  esti¬ 
mates,  &  technical,  process  & 
problem  definition.  Exp  in  a 
broad  range  of  technologies  & 
platforms  desired.  Technologies 
may  incl:  .NET,  ASP.NET,  VB, 
C#,  Java,  J2EE,  Spring,  MS 
SQL,  Sharepoint,  Open  Source, 
PHP,  JSP  Mail  resume  to:  Arris 
Systems,  650  E.  Swedesford  Rd, 
#110,  Wayne,  PA  19087. _ 


Cogent  Healthcare,  Inc.  is 
accepting  resumes  for  the  posi¬ 
tion  of  Senior  Data  Warehouse 
Analyst  for  their  office  in 
Brentwood,  TN.  Position 
requires  B.Sc.  degree  in  com¬ 
puter  engineering  &  minimum  5 
yrs.  exp  in  large  scale  Microsoft 
Data  Warehouse  projects.  For 
details  about  this  job  go  to 
www.cogent.com.  Please  send 
resume/salary  requirements  to 
Andrea  Oldendorf  at  Cogent 
Healthcare,  Inc,  5410  Maryland 
Way,  Suite  300,  Brentwood,  TN 
37027  or  fax  to  615-377-1686 


JUNE  7,  2010 


COMPUTERWORLD  <41 


Epic  Fail-over 

The  IT  director  at  this  big  insurance  company  makes  a  big  deal  about  how  much 
money  can  be  saved  by  consolidating  virtual  machines.  But  this  consultant  pilot 
fish  isn’t  so  certain  it’s  a  good  idea.  “Many  of  us  said,  ‘Are  you  sure  about  fail¬ 
over?'  ”  says  fish.  “We  finally  got  all  the  work  done,  migrating  applications  and 
databases.  We  got  a  thank  you.  Director  got  promoted  -  he  saved  the  company 
$10,000  per  month.  Six  weeks  after  this  project  was  completed,  the  company’s 


Web  sites  -  all  customer-facing  and 
team-facing  access  -  crashed.  After 
some  research,  it  was  discovered 
that  the  hosting  company,  under  the 
director’s  signature,  had  put  all  of  the 
servers,  primary  and  fail-over,  in  the 
same  hardware  frame,  which  had  a 
power  supply  failure.  The  company 
was  offline  for  nearly  30  hours.  But 
the  director  kept  his  promotion.” 


Four-Letter  Words 

At  this  semiconductor  fabrication 
facility,  they’re  running  out  of  four¬ 
digit  numbers.  “The  first  step  of  the 
manufacturing  process  was  to  micro¬ 
scopically  etch  four-digit  serial  num¬ 
bers  onto  the  silicon  using  a  laser,” 
explains  an  IT  pilot  fish  there.  “One 
day,  a  microcode  change  request  for 
the  laser  machine  was  made  by  man¬ 


ufacturing.  They  wanted  the  laser 
reprogrammed  to  use  alphanumeric 
characters.”  Fish’s  first  thought: 

Many  offensive  words  might  be 
constructed  from  four  alphabetical 
characters.  Do  you  want  us  to  make 
sure  those  are  filtered  out?  he  asks. 
Response:  Don’t  bother.  Reports  fish, 
“From  time  to  time  afterward,  we 
would  look  up  and  speculate:  ‘I  won¬ 
der  if  they’re  shipping  JUNK  in  the 
factory  this  week.’  ” 

Deja  Vu  All  Over  Again 

Pilot  fish  goes  in  for  a  job  interview, 
and  the  hiring  manager  tells  him, 

“I  like  to  give  everyone  a  little 
programming  test.  You  should  be 
able  to  complete  it  within  15  min¬ 
utes.”  Sure,  says  fish,  and  it  takes 
him  only  five  minutes  to  produce  a 
two-line  solution  with  a  Boolean  re¬ 
turn  value.  Interviewer  looks  at  fish’s 
solution  and  says,  “This  is  correct.  I 
would  only  point  out  that  you  could 
make  it  even  simpler  by  putting  the 
expression  right  into  the  Return 
statement.”  Fish  doesn’t  get  the 
job.  A  year  later,  fish  is  once  again 
headed  for  a  job  interview.  Some¬ 
thing  about  the  building  seems  oddly 
familiar.  But  it’s  not  until  he  meets 
the  interviewer  that  he  realizes  why: 
This  is  the  same  job  he  interviewed 
for  more  than  a  year  earlier.  It’s  the 
same  programming  test,  too.  "This 
time,  I  pounded  out  the  one-line 
solution  in  15  seconds  flat,”  says 
fish.  “The  interviewer  looked  at  my 
solution  and  said,  ‘This  is  the  correct 
solution  -  and  that’s  the  fastest  I’ve 
ever  seen  anybody  do  it!’  And  I  still 
didn’t  get  the  job.” 


»  Sharky  can’t  promise  you  a 

job,  but  you’ll  get  a  sharp  T-shirt  if  I 
use  your  true  tale  of  IT  life.  Send  it  to 
sharky@computerworld.com. 


^  CHECK  OUT  Sharky’s  blog,  browse  the  Sharkives  and  sign  up  for  home  delivery  at  computerworld.com/sharky. 


ADVERTISERS’ INDEX 

This  index  is  provided  as  an 
additional  service.  The  publisher 
does  not  assume  any  liability  for 
errors  or  omissions. 

l&l  Internet ...  11, 13, 31, 33 
landl.com 

CenturyLink  Business  5 

centurylink.com/stronger 

DEMO  People’s  Choice ....  35 

demo.com/event/ 

demospring2010/winner 

dtSearch  . 39 

dtsearch.com 

Hewlett-Packard . 29 

hp.com/servers/fastforward3 

IBM  Express  Seller . C2 

ibm.com/systems/performance 

IBM  IT  Intel . 7 

ibm.com/systems/more 

IBM  IT  Non-Intel . 9 

ibm.com/engines/cognoS2 

IBM  Power  7 . C4 

ibm.com/poweryourplanet 

IT  WatchDogs . 39 

itwatchdogs.com 

Juniper  Networks . C3 

thenetworkishere.com 

Microsoft  Cloud  Computing  25 

microsoft.com/cloud 

Microsoft  bieb . 16-17 

itseverybodysbusiness.com/ 

virtual 

Microsoft  bieb . 37 

itseverybodysbusiness.com/ 

save 

Morgan  Stanley . 15 

morganstanley.com 

SoftLayer . 21 

softlayer.com 

SonicWALL . 3 

sonicwall.com/secret 


•'BRA 


Periodical 
postage 

•  91 1  MM  I  t  ' 

paid  at 
Framingham,  Mass.,  and 
other  mailing  offices.  Posted 
under  Canadian  International 
Publication  agreement 


PM40063731.  CANADIAN 
POSTMASTER:  Please  return 
undeliverable  copy  to  PO  Box 
1632,  Windsor,  Ontario  N9A 
7C9.  Computerworld  (ISSN 
0010-4841)  is  published  twice 
monthly  by  Computerworld 
Inc.,  492  Old  Connecticut  Path, 
Box  9171,  Framingham,  Mass. 
01701-9171.  Copyright  2010  by 
Computerworld  Inc.  All  rights 
reserved.  Computerworld  can 
be  purchased  on  microfilm  and 
microfiche  through  University 
Microfilms  Inc.,  300  N.  Zeeb 
Road,  Ann  Arbor,  Mich.  48106. 
Computerworld  is  indexed. 

Back  issues,  if  available,  may  be 
purchased  from  the  circulation 
department.  Photocopy  rights: 
permission  to  photocopy  for 
internal  or  personal  use  is 
granted  by  Computerworld  Inc. 
for  libraries  and  other  users 
registered  with  the  Copyright 
Clearance  Center  (CCC).  provided 
that  the  base  fee  of  $3  per  copy 
of  the  article,  plus  50  cents 
per  page,  is  paid  directly  to 
Copyright  Clearance  Center, 

27  Congress  St.,  Salem,  Mass. 
01970.  Reprints  (minimum 
100  copies)  and  permission  to 
reprint  may  be  purchased  from 
Ray  Trynovich,  Computerworld 
Reprints,  c/o  The  YGS  Group, 
Greenfield  Corporate  Center, 
1808  Colonial  Village  Lane, 
Lancaster,  Pa.,  17601,  (800) 
290-5460,  Ext.  148.  Fax:  (717) 
399-8900.  Web  site:  WWW. 
reprintbuyer.com.  E-mail: 
computerworld@theygsgroup. 
com.  Requests  for  missing  issues 
will  be  honored  only  if  received 
within  60  days  of  issue  date. 
Subscription  rates:  $5  per  copy: 
Annual  subscription  rates:  - 
$129;  Canada  -  $129;  Central  & 
So.  America  -  $250;  Europe  - 
$295;  all  other  countries  -  $295. 
Subscriptions  call  toll-free  (888) 
559-7327.  POSTMASTER:  Send 
Form  3579  (Change  of  Address) 
to  Computerworld,  PO  Box  3500, 
Northbrook,  III.  60065-3500. 


2  COMPUTERWORLD  JUNE  7,  2010 


■V  i"  i  •*; 


:,:p;.Si';i 

r.v  ■.’■•  :  'I'.--'/  ?  j&k 


You  pick  the  topics. 
You  pick  the  sources. 
You  pick  the  frequency. 


Get  started  today.  It's  free. 


www.techdispenser.com 


DISPENSER 


CH 


'  ,  •  ’  ■  I-..'.  f  >  1 

sturbingly  personal  newsletters 


Build  your  own  newsletter  featuring  your  favorite 
technology  topics  -  cloud  computing,  application 
development,  security  -  over  200  timely  topics,  from 
more  than  700  trusted  sources. 


Power  your  planet. 

We  live  on  a  planet  where  nearly  6  terabytes  of  information  are  being  exchanged  over  the  Internet  every 
second,  and  where  billions  of  connected  people  are  surpassed  in  number,  only  by  trillions  of  connected 
objects  and  devices.  Why  then  is  the  average  server  in  the  average  business  running  at  only  1 0%  utilization? 
It’s  hard  enough  for  businesses  to  meet  the  demands  of  a  smarter  planet  today,  much  less  the  unforeseen 
demands  of  tomorrow.  The  new  POWER7  Systems™  from  IBM  are  not  simply  servers— they’re  fully 
integrated  systems  with  the  ability  to  run  hundreds  of  virtual  servers,  helping  you  drive  up  to  90%  utilization. 
These  next-generation  systems  integrate  massive  parallel  processing,  throughput  computing  and  analytics 
capabilities  to  optimize  for  the  complex  workloads  of  an  increasingly  data-driven  world.  Learn  how  to 
power  your  planet  at  ibm.com/poweryourplanet 

Smarter  systems  for  a  Smarter  Planet. 


Sources  for  claims  can  be  found  at  www.ibm.com/power/p7claim,  IBM,  the  IBM  logo,  ibm.com,  P0WER7  Systems,  Smarter  Planet  and  the  planet  icon  are  trademarks  of  International  Business 
Machines  Corp.,  registered  in  many  jurisdictions  worldwide.  A  current  list  of  IBM  trademarks  is  available  on  the  Web  at  www.ibm.com/legal/copytrade.shtml.  ©  International  Business  Machines  Corporation  201 0 


